dns-operations AT lists.opennicproject.org
Subject: Dns-operations mailing list
- From: Steven Coutts <stevec AT couttsnet.com>
- To: dns-operations AT lists.opennicproject.org
- Subject: Re: [opennic-dns-operations] lot of traffic to isc.org
- Date: Thu, 22 Nov 2012 09:08:06 +0000
ddos.pl didn't help me much, but this iptables snippet someone gave me on IRC stopped them:
/sbin/iptables -I INPUT -p udp -m string --hex-string "|00000000000103697363036f726700|" --algo bm --to 65535 --dport 53 -j DROP
Regards
On Thursday 22 Nov 2012 01:48:17 Alex Hanselka wrote:
This is not "normal" per se. It happens fairly frequently but it is a DDoS. The ddos.pl script on the wiki should help a bit.
On Nov 22, 2012, at 1:16 AM, Stefan Sabolowitsch <Stefan.Sabolowitsch AT felten-group.com> wrote:
Hi all,
For two weeks now I have been seeing high traffic to isc.org (30 - 60 queries per second, IN ANY).
Especially on the server ns1.lu.
Is this normal?
Has anyone seen this also?
Best regards
Stefan Sabolowitsch
short example:
22-Nov-2012 07:45:58.339 client 184.168.72.113#39943 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:45:58.453 client 93.170.127.96#46196 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:45:58.661 client 93.170.127.96#14231 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:00.065 client 184.168.72.113#12578 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:01.696 client 93.170.127.96#42092 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:01.786 client 184.168.72.113#10816 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:03.075 client 184.168.72.113#17827 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:03.509 client 184.168.72.113#52906 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:04.730 client 93.170.127.96#37072 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:05.233 client 184.168.72.113#1968 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:06.957 client 184.168.72.113#9331 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:07.765 client 93.170.127.96#7269 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:07.802 client 93.170.127.96#17932 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:08.680 client 184.168.72.113#62157 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:10.345 client 184.168.72.113#30779 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:10.402 client 184.168.72.113#62921 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:10.799 client 93.170.127.96#16963 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:12.125 client 184.168.72.113#6727 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:12.396 client 93.170.127.96#59885 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:13.833 client 93.170.127.96#28647 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
22-Nov-2012 07:46:13.849 client 184.168.72.113#15225 (isc.org): query: isc.org IN ANY +ED (192.168.200.12)
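Added example, not part of the original thread: a Python sketch that decodes the hex string in the iptables rule above and checks which queries it would match. The query builder, the transaction ID and the substring test standing in for the kernel's string match are assumptions made for illustration.

```python
import struct

# Hex pattern copied from the iptables rule in the message above.
PATTERN = bytes.fromhex("00000000000103697363036f726700")
ANY, A = 255, 1  # DNS QTYPE values

def encode_qname(name):
    """Encode a domain name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype, edns=True, txid=0x1234):
    """Build a minimal DNS query (constructed sample, RD flag set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, UDP size 4096, ext-rcode/flags 0, rdlen 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0) if edns else b""
    return header + question + opt

def decode_pattern(pattern):
    """Split the pattern into the header counters and the QNAME it pins."""
    ancount, nscount, arcount = struct.unpack("!HHH", pattern[:6])
    labels, i = [], 6
    while pattern[i] != 0:
        n = pattern[i]
        labels.append(pattern[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return {"ancount": ancount, "nscount": nscount,
            "arcount": arcount, "qname": ".".join(labels)}

def rule_matches(payload):
    """Approximation of '-m string': pattern found anywhere in the payload."""
    return PATTERN in payload

if __name__ == "__main__":
    print(decode_pattern(PATTERN))
    for desc, pkt in [
        ("isc.org ANY, EDNS", build_query("isc.org", ANY)),
        ("isc.org A, EDNS", build_query("isc.org", A)),
        ("isc.org ANY, no EDNS", build_query("isc.org", ANY, edns=False)),
        ("example.org ANY, EDNS", build_query("example.org", ANY)),
    ]:
        print(f"{desc:24} -> {'DROP' if rule_matches(pkt) else 'pass'}")
```

The pattern covers ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 and the QNAME isc.org but not the QTYPE, so it drops every EDNS query for isc.org (the "E" in the "+ED" log flags), not only IN ANY.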