Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

Since it wasn't mentioned yet, the ddos.pl script can be found at
http://wiki.opennic.glue/ddosDotPl
This script will block the typical isc.org attacks, however the ripe.net
attacks we have been seeing over the past week do not get trapped.  I've
been planning to add new rules to the script to catch this new attack,
but haven't had a chance yet.


On 10/17/2012 05:47 PM, Brian Koontz wrote:
> On Thu, Oct 18, 2012 at 06:51:52AM +1000, Martin C wrote:
>> I know it was mentioned before on this list, but I can't remember if any
>> IP addresses were mentioned. Anyway, I was watching the logs the other
>> day and noticed one IP doing a lot of lookups for the same domain over
>> and over again (isc.org).
> Martin, in addition to Jeff's excellent DDOS.pl script that Alex
> mentioned, you might also try these iptables rules:
>
> http://wiki.opennic.glue/IPTablesRulesToBlockDDOSTraffic
>
> They have been very effective on a couple of servers (including mine)
> in reducing server load.  Of course, they do nothing for upstream
> traffic that is still hammering your server, but at some point the ISP
> has to take some responsibility for monitoring their own upstream
> stuff.
>
>   --Brian
>