Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Sustained attack from 77.50.*

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Sustained attack from 77.50.*


Chronological Thread 
  • From: willfurnell AT me.com
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Sustained attack from 77.50.*
  • Date: Sat, 21 May 2016 18:05:03 +0100

I thought I was the only one! I've been having this attack on my T2
whitelisted resolver for around a week or so now, which was also
slightly confusing.

On 21/05/2016 17:37, Jeff Taylor wrote:
> I have been getting hit by a sustained attack from 77.50.0.0/16 for the
> past 5 hours, completely saturating my outgoing bandwidth. This is
> despite my T1 only allowing recursion from opennic servers, and my T2
> only allowing whitelisted users, so I'm not exactly sure how they got
> around that...
>
> The attack queries are searching for ANY +E. The domains being hit are
> listed below, and they are just being cycled through continuously.
>
> Use this line to completely block the range of IP's if you also see this
> problem:
> # iptables -I INPUT -s 77.50.0.0/16 -j DROP
>
> 067.cz
> 1x1.cz
> defcon.org
> energystar.gov
> freeinfosys.com
> globe.gov
> gransy.com
> gtml2.com
> hccforums.nl
> sandia.gov
> sema.cz
> svist21.cz
> vlch.net
>
>
>
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
>




Archive powered by MHonArc 2.6.19.

Top of Page