Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

Well crap... ok that makes it a lot more likely that someone has come up with a way to get around restricted access lists.

On 05/21/2016 11:05 AM, willfurnell AT me.com wrote:

I thought I was the only one! I've been having this attack on my T2
whitelisted resolver for around a week or so now, which was also
slightly confusing.

On 21/05/2016 17:37, Jeff Taylor wrote:

I have been getting hit by a sustained attack from 77.50.0.0/16 for the
past 5 hours, completely saturating my outgoing bandwidth.  This is
despite my T1 only allowing recursion from opennic servers, and my T2
only allowing whitelisted users, so I'm not exactly sure how they got
around that...

The attack queries are searching for ANY +E.  The domains being hit are
listed below, and they are just being cycled through continuously.

Use this line to completely block the range of IP's if you also see this
problem:
# iptables -I INPUT -s 77.50.0.0/16 -j DROP

067.cz
1x1.cz
defcon.org
energystar.gov
freeinfosys.com
globe.gov
gransy.com
gtml2.com
hccforums.nl
sandia.gov
sema.cz
svist21.cz
vlch.net





--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org