Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Sustained attack from 77.50.*

discuss AT

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Sustained attack from 77.50.*

Chronological Thread 
  • From: Jeff Taylor <shdwdrgn AT>
  • To: discuss AT, OpenNIC DNS Ops <dns-operations AT>
  • Subject: Re: [opennic-discuss] Sustained attack from 77.50.*
  • Date: Sat, 21 May 2016 10:53:05 -0600
  • Authentication-results:; dmarc=none
  • Dmarc-filter: OpenDMARC Filter v1.3.0 A84CD2D95A

By the way, I have already confirmed these addresses are NOT on either the whitelist, nor in the ACL for opennic servers.

There is the possibility that I broke something in my rules while adding a new network connection recently (which allowed the attacker to query my T2 servers that should only be accepting whitelisted connections), otherwise there is the possibility this is a new type of attack that somehow bypasses Bind9 query settings. I'm guessing the first option is the most likely, but I'll be looking into it this weekend.

Archive powered by MHonArc 2.6.19.

Top of Page