[110966] in North American Network Operators' Group


RE: Tracking the DNS amplification attacks (was: isprime DOS in

daemon@ATHENA.MIT.EDU (Frank Bulk)
Sat Jan 24 22:01:26 2009

From: "Frank Bulk" <frnkblk@iname.com>
To: <nanog@nanog.org>
In-Reply-To: <B56009C3-A981-41B4-9383-4E2622E36C90@smtps.net>
Date: Sat, 24 Jan 2009 21:00:53 -0600
Errors-To: nanog-bounces@nanog.org

I would not recommend sucking in your DNS log into an array; rather, read line
by line and iterate over the file, line by line.

Frank

-----Original Message-----
From: Brian Keefer [mailto:chort@smtps.net] 
Sent: Saturday, January 24, 2009 6:50 PM
To: nanog@nanog.org
Subject: Tracking the DNS amplification attacks (was: isprime DOS in
progress)

Caveat:  my PERL is _terrible_.

http://www.smtps.net/pub/dns-amp-watch.pl

This assumes you're using BIND.  My logs roll on the hour, so I run it  
from cron at 1 minute before the hour.  Depending on how long it takes  
to process your logs, you might need to tweak.

--
bk
CA cert:  http://www.smtps.net/pub/smtps-dot-net-ca-2.pem
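
The line-by-line approach suggested in the reply above, as an added example that is not part of the original thread and is not Brian's dns-amp-watch.pl: Perl code that reads a BIND query log one line at a time and tallies queries per client and question. The log-line layout, the `$THRESHOLD` value, the `tally_queries` name and the sample lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: tally BIND query-log entries per client and question while
# holding only one log line in memory (unlike slurping with @lines = <FH>).
use strict;
use warnings;

# Assumed threshold: report any client/question pair seen at least this often.
my $THRESHOLD = 3;

# Assumed BIND 9 querylog layout; newer releases add an object address and
# a parenthesised qname before "query:", so both are optional here.
my $QUERY_RE = qr/
    \bclient\s+(?:\@0x[0-9a-fA-F]+\s+)?   # optional client object address
    ([0-9a-fA-F.:]+)\#\d+                 # source address, then source port
    (?:\s+\([^)]*\))?:\s+query:\s+        # optional parenthesised qname
    (\S+)\s+(\S+)\s+(\S+)                 # qname, class, qtype
/x;

# Takes an open filehandle, returns a hash ref: "addr qname class qtype" => count.
sub tally_queries {
    my ($fh) = @_;
    my %count;
    while (my $line = <$fh>) {            # reads one line per iteration
        next unless $line =~ $QUERY_RE;   # skip non-query log entries
        $count{"$1 $2 $3 $4"}++;
    }
    return \%count;
}

# Constructed sample log lines (documentation addresses), not real traffic.
my $sample = <<'END';
24-Jan-2009 18:50:01.101 queries: info: client 192.0.2.10#31337: query: . IN NS +
24-Jan-2009 18:50:01.102 queries: info: client 192.0.2.10#31338: query: . IN NS +
24-Jan-2009 18:50:01.105 queries: info: client 192.0.2.10#31339: query: . IN NS +
24-Jan-2009 18:50:02.010 queries: info: client 198.51.100.7#4242: query: www.example.com IN A +
24-Jan-2009 18:50:02.500 general: info: zone example.com/IN: loaded serial 2009012401
END

# An in-memory filehandle stands in for the log; use a path for a real file.
open(my $fh, '<', \$sample) or die "cannot open sample: $!";
my $count = tally_queries($fh);
close($fh);

# Print the heaviest client/question pairs first.
for my $key (sort { $count->{$b} <=> $count->{$a} || $a cmp $b } keys %$count) {
    printf "%6d  %s\n", $count->{$key}, $key if $count->{$key} >= $THRESHOLD;
}
```

Memory use here grows with the number of distinct client/question pairs, not with the size of the log file.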



