Discuss mailing list

[Administrador <admin AT bambusoft.com>]

My T1 ns10 were atacked yesterday
It was a DDoS from 9 to 14 until I block 77.50/16 segment

Mario


Enviado desde mi Samsung Mobile de Telcel

-------- Mensaje original --------
De: Jeff Taylor <shdwdrgn AT sourpuss.net> 
Fecha: 21/05/2016  03:05 PM  (GMT-06:00) 
A: discuss AT lists.opennicproject.org 
Asunto: ***SPAM*** Re: [opennic-discuss] Sustained attack from 77.50.* 

    Well crap... ok that makes it a lot more likely that someone has
    come up with a way to get around restricted access lists.

On 05/21/2016 11:05 AM, willfurnell AT me.com wrote:

I thought I was the only one! I've been having this attack on my T2
whitelisted resolver for around a week or so now, which was also
slightly confusing.

On 21/05/2016 17:37, Jeff Taylor wrote:
> I have been getting hit by a sustained attack from 77.50.0.0/16 for the
> past 5 hours, completely saturating my outgoing bandwidth.  This is
> despite my T1 only allowing recursion from opennic servers, and my T2
> only allowing whitelisted users, so I'm not exactly sure how they got
> around that...
>
> The attack queries are searching for ANY +E.  The domains being hit are
> listed below, and they are just being cycled through continuously.
>
> Use this line to completely block the range of IP's if you also see this
> problem:
> # iptables -I INPUT -s 77.50.0.0/16 -j DROP
>
> 067.cz
> 1x1.cz
> defcon.org
> energystar.gov
> freeinfosys.com
> globe.gov
> gransy.com
> gtml2.com
> hccforums.nl
> sandia.gov
> sema.cz
> svist21.cz
> vlch.net
>
>
>
>
>
> --------
> You are a member of the OpenNIC Discuss list. 
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
>
>       
      
      
      

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org