dns-operations AT lists.opennicproject.org
Subject: Dns-operations mailing list
List archive
Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!
Chronological Thread
- From: Hospedaje Web y Servidores Dedicados <ventas AT dedicados.com.mx>
- To: dns-operations AT lists.opennicproject.org
- Subject: Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!
- Date: Thu, 12 Dec 2013 15:22:00 -0600
add to your named.conf.options
statistics-channels {
inet 123.ip.ip.ip port 9999 allow { any; };
};
and restart
i use that.
Ing. Alejandro M.
Hospedaje Web y Servidores Dedicados
http://www.dedicados.com.mx
------
correo / msn: ventas AT dedicados.com.mx
skype: dedicados
------
El 12/12/2013 03:13 p.m., Abraão Caldas escribió:
Anyone can recommend some tool to make a Web Live Status of Bind server (how much requests, top ip requests , etc....)
2013/12/12 Jeff Taylor <shdwdrgn AT sourpuss.net <mailto:shdwdrgn AT sourpuss.net>>
One way you can usually tell if you are being attacked, or if
someone is just hogging all your bandwidth -- try blocking the
IP's that are generating all the traffic. Nearly all of the
attacks I have seen in the last year will rotate the IP addresses
they attack from (see below) so if you block one set of addresses,
you will see a new set attacking you within a few minutes. In the
case from yesterday, the IP addresses were blocked, and did not
change. This made it easy for me to stop the flow of traffic, but
it also made me look closer at what was actually happening.
The biggest problem for us with DNS attacks is that the attacker
does not need to actually receive confirmation of his packets. He
is able to send spoofed UDP packets at very little cost to
himself. Unfortunately this also means that we, as administrators,
have very little that we can do to track down the *actual* source
of the attacks. If anyone were to ever come up with a method of
tracking spoofed IPs back to their source, you would make the
world of network administration a much happier place!
On 12/12/2013 09:03 AM, Hospedaje Web y Servidores Dedicados wrote:
would be great,
to put online again my 10 servers.
Ing. Alejandro M.
Hospedaje Web y Servidores Dedicados
http://www.dedicados.com.mx
------
correo / msn: ventas AT dedicados.com.mx
<mailto:ventas AT dedicados.com.mx>
skype: dedicados
------
El 12/12/2013 08:53 a.m., Jeff Taylor escribió:
Actually the person said he would stop running his crawler
with opennic servers, so you could probably remove the
entire block and find it is still working ok.
On 12/12/2013 07:09 AM, Hospedaje Web y Servidores
Dedicados wrote:
Is for test first, seems to work ok.
Ing. Alejandro M.
Hospedaje Web y Servidores Dedicados
http://www.dedicados.com.mx
------
correo / msn:ventas AT dedicados.com.mx
<mailto:msn%3Aventas AT dedicados.com.mx>
skype: dedicados
------
El 12/12/2013 03:09 a. m., Guillaume Parent escribió:
Please do not ban whole countries to block this,
that is a ridiculous overreaction. He just gave
you a list - use it.
On Wed, Dec 11, 2013 at 11:18 PM, Hospedaje Web y
Servidores Dedicados <ventas AT dedicados.com.mx
<mailto:ventas AT dedicados.com.mx>
<mailto:ventas AT dedicados.com.mx
<mailto:ventas AT dedicados.com.mx>>> wrote:
Well, im going to start with that, and if all
the load goes off,
i remove the country block, and add only those
ips =)
Ing. Alejandro M.
Hospedaje Web y Servidores Dedicados
http://www.dedicados.com.mx
------
correo / msn: ventas AT dedicados.com.mx
<mailto:ventas AT dedicados.com.mx>
<mailto:ventas AT dedicados.com.mx
<mailto:ventas AT dedicados.com.mx>>
skype: dedicados
------
El 11/12/2013 05:11 p.m., Jeff Taylor escribió:
I wouldn't do that, because a number of
European users are
making use of US servers. Besides, it
makes it difficult to
be open to all if you're banning whole
countries. :-)
On 12/11/2013 03:46 PM, Hospedaje Web y
Servidores Dedicados
wrote:
Thanks for the info Jeff, as my
servers are on USA (
most of them ) can i ban the whole
country? "DE".
Ing. Alejandro M.
Hospedaje Web y Servidores Dedicados
http://www.dedicados.com.mx
------
correo / msn: ventas AT dedicados.com.mx
<mailto:ventas AT dedicados.com.mx>
<mailto:ventas AT dedicados.com.mx
<mailto:ventas AT dedicados.com.mx>>
skype: dedicados
------
----
To unsubscribe, email
dns-operations-unsubscribe AT lists.opennicproject.org
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org>
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org>>
----
To unsubscribe, email
dns-operations-unsubscribe AT lists.opennicproject.org
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org>
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org>>
----
To unsubscribe, email
dns-operations-unsubscribe AT lists.opennicproject.org
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org>
----
To unsubscribe, email
dns-operations-unsubscribe AT lists.opennicproject.org
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org>
----
To unsubscribe, email
dns-operations-unsubscribe AT lists.opennicproject.org
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org>
----
To unsubscribe, email
dns-operations-unsubscribe AT lists.opennicproject.org
<mailto:dns-operations-unsubscribe AT lists.opennicproject.org>
----
To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, (continued)
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Hospedaje Web y Servidores Dedicados, 12/11/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Jeff Taylor, 12/11/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Hospedaje Web y Servidores Dedicados, 12/11/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Guillaume Parent, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Alejandro Bonet, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Hospedaje Web y Servidores Dedicados, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Jeff Taylor, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Hospedaje Web y Servidores Dedicados, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Jeff Taylor, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Abraão Caldas, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Hospedaje Web y Servidores Dedicados, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Jeff Taylor, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Guillaume Parent, 12/12/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Hospedaje Web y Servidores Dedicados, 12/11/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Jeff Taylor, 12/11/2013
- Re: [opennic-dns-operations] ALERT - If you are getting high DNS traffic, please read!, Hospedaje Web y Servidores Dedicados, 12/11/2013
Archive powered by MHonArc 2.6.19.