[110961] in North American Network Operators' Group
Tracking the DNS amplification attacks (was: isprime DOS in progress)
daemon@ATHENA.MIT.EDU (Brian Keefer)
Sat Jan 24 19:50:39 2009
From: Brian Keefer <chort@smtps.net>
To: nanog@nanog.org
In-Reply-To: <2AB3D2DC-4076-4B31-B14C-41A27D268377@smtps.net>
Date: Sat, 24 Jan 2009 16:50:24 -0800
Errors-To: nanog-bounces@nanog.org
Caveat: my PERL is _terrible_.
http://www.smtps.net/pub/dns-amp-watch.pl
This assumes you're using BIND. My logs roll on the hour, so I run it
from cron at 1 minute before the hour. Depending on how long it takes
to process your logs, you might need to tweak.
--
bk
CA cert: http://www.smtps.net/pub/smtps-dot-net-ca-2.pem