Discuss mailing list

[David Norman <deekayen AT deekayen.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Yeah, my server ended up in the middle of a DoS on a German game site
about a week ago. It made the ddos.pl script peg one of my CPU cores,
which took over an hour to figure out what to block.

Kenny Taylor published some iptables rules to help on the list and my
server has calmed down. I suspect if I turned on logging that I would
still find things I wouldn't be happy about. I find it hard to believe
that we need to be inventing our own iptables rules for a public
recursive DNS server.

The bigger question I have is - has anyone here really spent the time
to see if someone has compiled a list of realistic, protective rules?

On 4/15/13 9:21 PM, Guillaume Parent wrote:
> Hey guys,
> 
> Got hit by my first semi significant DoS today, about 28 queries
> per second caused 4 Mbps outbound.
> 
> CPU went from 4-6% to 20%. The whole thing went on for about 4-5
> hours until I blacklisted the 3 IPs involved.
> 
> They requested a massive TXT record that was on a russian server
> somewhere.
> 
> Anyone see something similar?

-----BEGIN PGP SIGNATURE-----

iQewBAEBCgAGBQJRbMESAAoJEKPH7FVYbGrVk2w8nA6lMqAveZH6M/qvelBJoOnN
O/U3nb0lfAM4AA7k1QuO7y3FUKPszra2fiM1SvtkNY2ApzjQU+7BLKjULkuRqUCP
vA8g8QLI/0SS4ZypApiG5p6kKuvGEiZaW+VwROch5QvPdhNJFXyUhEwBXVBrLA4U
E+VyQcvLbj37/rjeoyJAh9GRTAnuLvxwuHtBSdHDptV3D53cWWCpi1OUVFNub2KZ
GUmdD3tWadwMj5IJS9/aA7+R1R9OALW8PPsURDDS2ba/aA5Ax9rW8zPFUNDe51VV
ES5FmnynTgYdlr2yUPZoe33lCeaxf3OHr96521iWrod2KdqEBtA3mLVATYcW3mxn
Ai8iAM6xs3PAQAP/6pJ4un49uVuHczFNHZprhRTBLOKOCsZamYnxQ2uUjyV01MEq
VH2iLCtE4WB6bZlCELfQs+Tt75z/K3G7gCWIGfjII/RBphAB62DK8SfHO/1fY2BO
CvryljWz5IgznUkJbvTNrrPraH7O/eArn5xGioEv6V8dE80tila+ad/lVdme7DPs
pegRbGijkMMQyT07rrzmpUgCCkv0L/Z0F49fKRKqWUTLw0S7NrT0ekw7wt7D3b+k
4ct47hkIYMIOXTrJE/MwVVP3gFpyK6syvh9EKxvLr5uVZ56O3m7I5dY02Ld2uRRv
kCZiLXKdWPE7aPXjTCMTQMKw8psBISWYKJblGhMcIn25KErmBz163YHXZRgmXqwr
88ICKECiCRkQ3n52vI1SKNsC45bPMZ7UTPj5w3NclxZdZna2YMi09tDmjVgMpF+l
KDC5wwddSzx5ufkL4HTjxEacAnp92XxjHf2IJbL+1KzYrBgvn7uFa6/k6m/rA7Yc
Cn6uZ+CxQDEpQgcNMVlFG0FNX3/Z82mhI4o9Hpn8ry22ZnCFnnodydbvaUi2oBOH
Q4ogwXo9uQY01NTlxL+yglP4KlnmuD6Y3+4J/1jvc6FcWd35B4js0NVQ7/WmxiBB
NWFsfKj+NiNImx5Ws5zYF6VIBVzggMT1yusbvdMf+ATISConkE07aIHQZOa75fWO
sZpxifNlHJZA7evmp4e4QfxxYBI7H5qjUZxKys8rQ0/w1QnL1HKEZ0eiPCJt3ikY
UtGrIdkF68OYlaMyrUqhYhLXWfsytcARTO53piSgdmeMOCm/KmL0R9kH7MTdxPjW
EgO1kswAQ3JDJWaVmEGvp+O9laYdxVrjdulbB8sdfSIHwS9RJIikppg52Up0VRnQ
ynaEEAt7qHF81PDvdPczri9NdBhgAkWc7BZ1DwfbnJG/OByAaRzjnkLzEBvhOIUc
kn1mBHbBhhqhyoPxKIcpxyORVkbiB6s2xz9KeHJ+dp568izGafpjuCZDuoEaz4FB
LyWbV9ahpFwTu8Ght1ekHEOpaT8wGbCu7zAU1Nm7eE/Mtjj+GPIGDF1ozspIjf50
Qpr5enIJZHW7L9cwPiCPNg07ofoCLz/Vt0p7npFqC0eV9lXGVkXKTS1rvXJFD/rV
ZP9iUPxFUZ7LCKOvJk1E+1kVSXhuarBgFAt5NWlZQOnk3MlAnQgsDjStSCvTJdzQ
Hzsow/9V1nIJu96cGgTSKix01jbWav6khDarkjEdf+T4qrpUlkhFVigNSRoZtwf+
rXk4SiWL+aitkskJIaE38vWTG8Mwm7o8gqhbPDygVdWg8CNccqdTNbo++EkVKmk8
GzHQGTPjWewT0iWVx7+jCjwWnOi6O1EmGBnKie+XH9ksE2zbiuPvXI5ROJZbNsy8
2KW/AQ9vEzb4mAW0OYX1RUTFAWZ0FW0x30uISkHOxJ/t9pAkr2wXHz9V9S92WgvU
lqRoJcVfRSBCZVLkrjUEPs24fs1KICCXsffoddtI8tEGVh1JLAOE4xzt8f7AvfcA
hifrQRcsE/Sri9MPq9WsmH4NaSV8x75MlmWHLUM4uLs9yt5AvDYxDzpDdhAyQVyD
73udYlkLT3r665w+OMtOsKuxoMjNaQDojvRnkGjkuUn95N/PA0ednCuPlObkBkK1
Mtjv+CYNtPY5xuAyDWIFsqMfy1D2ZetWmqexC3M66dTZFv+LaU/WaUMIUtudtOeZ
439grkkypMcAU9QHAd4fzRw4TVgeFuptwsbuFMnysvkUbCOqCtnHiwMNG5qZNEhe
euvmZkcmd8tICMbKC5n8EBB/WQQxlcbG0Obev+4ctf7csg+NBLhYDN8KGnPKtauX
frRdjgbtAfeN2/LM6Xo7uKXiLPV4BhB2/Vqp768uhSMf7TsI2hS9bjJTE0h6TyE2
sOovGJbf1KMsK+0WcvxlyZh1lN7PHFGEvFVYgAcLmSGuRe86A/9uMNgdtIMpCgJh
8dM/DiLYdBJVJezbqQASBvxnaqhJkn9ErNfdx8MCcecfcM444VF5YgTD0g+hD7Kc
9yvmbIOd1aTFd0Esa5I4qpysXCmG3L4Z7w0u+ZNTA5PE2/FYhMa8C5+YI2CuI2ni
iR7KxKNl6kjz8iosXJlgmdqlAobbwigmmgG5sM/hg+X5jf3CgXaLm9SDX76Kgwz3
324FWiA4aH9TsI/8/CyK9l+BR9YL3+P2tdf042XiBm7C4BcSHkWZkygdxWCdFPv7
+GLp
=+uRT
-----END PGP SIGNATURE-----