[110893] in North American Network Operators' Group
Re: isprime DOS in progress
daemon@ATHENA.MIT.EDU (Harald Koch)
Wed Jan 21 13:24:30 2009
Date: Wed, 21 Jan 2009 13:24:22 -0500
From: Harald Koch <chk@pobox.com>
To: Graeme Fowler <graeme@graemef.net>
In-Reply-To: <1232557692.9593.57.camel@squonk.lboro.ac.uk>
Cc: Nanog Mailing list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Graeme Fowler wrote:
> On Tue, 2009-01-20 at 14:55 -0600, Todd T. Fries forwarded:
> I've been seeing a lot of noise from the latter two addresses after
> switching on query logging (and finishing an application of Team Cymru's
> excellent template) so I decided to DROP traffic from the addresses
> (with source port != 53) at the hosts in question.
>
> Well, blow me down if they didn't completely stop talking to me. Four
> dropped packets each, and they've gone away.
>
I've seen that behaviour in the past, but not this time?
I've seen a few of these attacks bouncing off my nameservers recently,
and when I add "DROP" rules to my firewall, the incoming traffic
disappears soon after. But the most recent set (66.230.160.1 and
66.230.128.15) are still hammering away...
--
Harald
