Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Today's DDoS

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Today's DDoS

Chronological Thread 
  • From: Guillaume Parent <gparent AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] Today's DDoS
  • Date: Thu, 28 Mar 2013 11:59:32 -0400


If it works well, can we have a few details about it? I'm starting to have a decent firewall setup but I think all of us would benefit from the info.


On Mar 28, 2013 10:56 AM, "Stefan Sabolowitsch" <Stefan.Sabolowitsch AT> wrote:
Hi Jeff / all
Thank you for your help but i have a good solution with DNS Dampening and a pro active IPS / FW.
Thus, all systems are stable and accessible (i hope so for the future).


Am 28.03.2013 um 15:29 schrieb Jeff Taylor <shdwdrgn AT>:

Have you looked at http://wiki.opennic.glue/Tier2Security ?
If you can post a few examples of what you're getting from tcpdump, we could try to help.  Having several example packets will tell me if the bot hitting you is using a single port, or if there is a pattern in the attack we can use to block them.  Unfortunately the log snippet you posted does not give any useful info.

On 03/28/2013 02:06 AM, Stefan Sabolowitsch wrote:
Hi all, 
I can not say that it is quiet / silent for me.
On all three DNS Servers, i've been constantly DNS attacks for about 4 weeks and this with 1 -2 k requests per second

really small example:
03/28/2013-06:13:39.134900 [Drop] [**] [1:2016016:6] ET CURRENT_EVENTS DNS Amplification Attack Inbound [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} ->

But help me out here DNS Dampening and an pro active IPS System.


Archive powered by MHonArc 2.6.19.

Top of Page