Discuss mailing list

[waqas <waqas281 AT gmail.com>]

sadly there are no more details on the traffic for anonymity purpose i had set the logging to minimal.so I'd know when there was flood from one certain IP.
Also im using windows server 2012 so i don't know how i could possibly implement the iptables rules.
I used ipsec to block the traffic and so far its been working pretty good, i haven't seen any more traffic from that ip address.
I looked up the IP address and its some gaming chat server, odd for such server to be sending so much traffic espacily since the server says its offline.
also another observation i did, i never posted my server address on the t2 list on the opennic site i only posted it in here. so how this person got my server address seem like pretty logical hes in here reading these emails LOL.

On Sun, Jul 14, 2013 at 4:10 PM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

The log entry doesn't seem to give much detail about what is going on.
Do you know if this is directed at DNS queries or something else?  If
it's DNS, can you post an example of the query or packet so we can see
what is being sent?

Also, have you implemented any of the suggestions on the wiki security page?
http://wiki.opennicproject.org/Tier2Security

On 07/14/2013 10:56 AM, waqas wrote:
> Is anyone else experiencing this I've been getting this traffic for
> last hour and half and i finally blocked it. thinking its defiantly
> malicious.
> 7/14/2013 11:28:00 AM 04C4 PACKET  0000001950D53E80 UDP Snd
> 109.163.238.75  9768 R Q [8083  TDR  NOERROR] ALL
> (1)d(10)directedat(4)asia(0)
>

--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org