Dns-operations mailing list

[DarkLinkXXXX <darklinkxxxx AT gmail.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/19/2012 4:03 AM, Falk Husemann wrote:
> Hello,
> 
> my T2 at 46.252.139.27 was offline since yesterday 11pm til today
> 12am.
> 
> The T2 seems to have been used in an DNS Amplification DoS which 
> generated too many small UDP packets to the spoofed querying
> client. This took my whole cable connection down (again!).
> 
> These are the queries (had to enable query log for one minute): 
> query.log:19-Aug-2012 12:46:41.502 client 199.115.114.218#25345: 
> query: isc.org IN ANY +ED (46.252.139.27)
> 
> 
> Here is the iptables line to stop this attack: iptables -A INPUT -p
> udp -m string --hex-string "|03697363036f726700|" --algo bm -j
> DROP
> 
> Suggestions/improvements welcome!
> 
> Greets, Falk
> 
> ---- To unsubscribe, email
> dns-operations-unsubscribe AT lists.opennicproject.org
> 

That's pretty interesting, but I can't find your pubkey anywhere.
Could you please mail it to me, or point me to somewhere it's published?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQMnhsAAoJEKFq3PUSII2ofbYP+wZWv8yjMme73odwl1l0cp2x
rY9/+SFuZdW5n2NvCN0DED87bCiHGKeXqhpaKqEN4PcT/OpWpC4K2kiGA9KSnodX
BGFNdYpZM4leWGVK07ofiDrxnR/udsQjbxx2CogUCv5cKjioPzRDsHi1HT463yuI
9ivHRXCn2hQOjYL4s0y63slzz2FZMpn0PduPGwX7Wo2Lp6w4ZDQSj0uCeueeh6tz
1MwD3jcSiG1GcJjA4o8b3sPeMtJ3rAS8lVCS1jprD5kdQQuC09fOvULwj7vGJjp6
5ZbFQzz0cGgw+Z0K2w90AJFZ61fo/SGgs5J/PX7d0E7e3T0xZ73VRnAmHLEsX+lj
nDbDNueaBBFWxz/cBZzshfMgcc/IxkXOOhSNBq82ko2a7Rec6bTozCA/pcAKA+6n
/4s/29qiATRE2FIRwDMWzrc/oo/tM+W/OO0HTuevJueCaQHu2kZ5RmjbRTHtlXkO
XXQZuzpWJWarvTar0hs6RPsvIZRLouu8JhdVW9/WsUq5wvOs+8r+sBI8lS6mzOD5
xQOGaNXg2Opo0C0Lv3iFZo311JLnrM0asyiFSI0SZBY8nI2pSFi8InV/BtZ+4NmB
U9tIdTqTHFw9zpAaSIMsZ65f415VXwObLa+LDrYkQPTBQMkfB83HG7ifw7/wlEG6
lMIz50/gCEhJlvU76Ckk
=aWHY
-----END PGP SIGNATURE-----