[110934] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: isprime DOS in progress

daemon@ATHENA.MIT.EDU (Noel Butler)
Fri Jan 23 20:50:37 2009

From: Noel Butler <noel.butler@ausics.net>
To: Chris McDonald <copraphage@gmail.com>
In-Reply-To: <25dbbe250901231321s7cf17d20jeb526c0e75aea6a1@mail.gmail.com>
Date: Sat, 24 Jan 2009 11:50:24 +1000
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:

> We [AS3491] null0'd the IP earlier.  Rest-of-world encouraged to do the same :/
> 

Wrong approach, they are *innocent* in this as are the new targets.

insert into your favourite acl:
deny udp host 66.230.160.1 neq 53 any eq 53
deny udp host 66.230.128.15 neq 53 any eq 53

But it's much less work to add a filter on the name server as others
have mentioned.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[110934] in North American Network Operators' Group

Re: isprime DOS in progress

daemon@ATHENA.MIT.EDU (Noel Butler)Fri Jan 23 20:50:37 2009

daemon@ATHENA.MIT.EDU (Noel Butler)
Fri Jan 23 20:50:37 2009