discuss AT lists.opennicproject.org
Subject: Discuss mailing list
- From: Jeff Taylor <shdwdrgn AT sourpuss.net>
- To: discuss AT lists.opennicproject.org, OpenNIC DNS Ops <dns-operations AT lists.opennicproject.org>
- Subject: [opennic-discuss] Sustained attack from 77.50.*
- Date: Sat, 21 May 2016 10:37:39 -0600
I have been getting hit by a sustained attack from 77.50.0.0/16 for the past 5 hours, completely saturating my outgoing bandwidth. This is despite my T1 only allowing recursion from opennic servers, and my T2 only allowing whitelisted users, so I'm not exactly sure how they got around that...
The attack queries are searching for ANY +E. The domains being hit are listed below, and they are just being cycled through continuously.
Use this line to completely block the range of IPs if you also see this problem:
# iptables -I INPUT -s 77.50.0.0/16 -j DROP
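Added example, not part of the original message: a Python script that counts ANY queries carrying the EDNS flag per source /16 in resolver query-log lines, to show which ranges and names dominate a flood like the one described above. It assumes BIND 9 query-log format and IPv4 clients; the log lines are constructed, and the function names and threshold are hypothetical. Source addresses in UDP floods can be spoofed, so the output is a list of candidates to rate-limit or block.

```python
import ipaddress
import re
from collections import Counter

# Assumed BIND 9 query-log layout:
#   client [@0x...] IP#port (name): query: name IN TYPE flags (server-ip)
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9.]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

# Constructed sample lines (private and documentation addresses, not real traffic).
SAMPLE_LOG = """\
21-May-2016 10:30:01.101 client 10.50.1.7#4312 (example.com): query: example.com IN ANY +E (192.0.2.53)
21-May-2016 10:30:01.105 client 10.50.200.9#5120 (example.net): query: example.net IN ANY +E (192.0.2.53)
21-May-2016 10:30:01.109 client 10.50.3.44#6001 (example.org): query: example.org IN ANY +E (192.0.2.53)
21-May-2016 10:30:01.113 client 10.50.1.7#4313 (example.com): query: example.com IN ANY +E (192.0.2.53)
21-May-2016 10:30:02.000 client 10.9.4.4#33211 (example.com): query: example.com IN A + (192.0.2.53)
21-May-2016 10:30:02.400 client 10.9.8.1#40110 (example.org): query: example.org IN ANY + (192.0.2.53)
"""


def any_queries_by_prefix(lines, prefix_len=16, require_edns=True):
    """Count ANY queries per source prefix and per queried name."""
    prefixes, names = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m.group("qtype") != "ANY":
            continue  # unparsable line or not an ANY query
        if require_edns and "E" not in m.group("flags"):
            continue  # "+E" = recursion desired plus EDNS (large UDP replies)
        net = ipaddress.ip_network(f"{m.group('ip')}/{prefix_len}", strict=False)
        prefixes[str(net)] += 1
        names[m.group("name").lower()] += 1
    return prefixes, names


def suspect_prefixes(prefixes, min_queries=3):
    """Prefixes at or above a (hypothetical) threshold, as block candidates."""
    return sorted(p for p, n in prefixes.items() if n >= min_queries)


if __name__ == "__main__":
    prefixes, names = any_queries_by_prefix(SAMPLE_LOG.splitlines())
    for prefix in suspect_prefixes(prefixes):
        print(f"{prefix}: {prefixes[prefix]} ANY+EDNS queries")
    print("most queried names:", names.most_common(3))
```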