[110972] in North American Network Operators' Group
Re: Tracking the DNS amplification attacks (was: isprime DOS in
daemon@ATHENA.MIT.EDU (Brian Keefer)
Sun Jan 25 04:23:07 2009
From: Brian Keefer <chort@smtps.net>
To: Frank Bulk <frnkblk@iname.com>, nanog@nanog.org
In-Reply-To: <!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQAAAATbSgAABAAAADKmUdbrpmRTrsB82N9UjfvAQAAAAA=@iname.com>
Date: Sun, 25 Jan 2009 01:22:51 -0800
Errors-To: nanog-bounces@nanog.org
--Apple-Mail-2--982379061
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
On Jan 24, 2009, at 7:00 PM, Frank Bulk wrote:
>
> -----Original Message-----
> From: Brian Keefer [mailto:chort@smtps.net]
>
> Caveat: my PERL is _terrible_.
>
> http://www.smtps.net/pub/dns-amp-watch.pl
>
> I would not recommend sucking in your dns log into array, rather,
> read line
> by line and iterate over the file, line by line.
>
> Frank
Yep, you're absolutely right. I copied that bit from another script
without thinking.
It's fixed now, along with the logic error on an empty array. Thanks
for the feedback.
--
bk
--Apple-Mail-2--982379061
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIICxDCCAsAw
ggIpAgkAxtRyYjIWj0wwDQYJKoZIhvcNAQEFBQAwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
YWxpZm9ybmlhMRQwEgYDVQQHEwtTYW50YSBDbGFyYTESMBAGA1UEChMJU01UUFMubmV0MR0wGwYD
VQQLExRJbmZvcm1hdGlvbiBTZWN1cml0eTEYMBYGA1UEAxQPU01UUFMubmV0IENBICMyMR4wHAYJ
KoZIhvcNAQkBFg9hZG1pbkBzbXRwcy5uZXQwHhcNMDgxMDIzMTgwOTIxWhcNMTgxMDIxMTgwOTIx
WjCBojELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENs
YXJhMRIwEAYDVQQKEwlTTVRQUy5uZXQxHTAbBgNVBAsTFEluZm9ybWF0aW9uIFNlY3VyaXR5MRUw
EwYDVQQDEwxCcmlhbiBLZWVmZXIxHjAcBgkqhkiG9w0BCQEWD2Nob3J0QHNtdHBzLm5ldDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvQRcsZtKlL+YfHBHSfVHOloPRKakA/v5MU0JN3Bc2hvT
ZgDn74IE8XWYvCoEOtpfN1wSVfwwzJAwHlBTdB6+2DNBpwPlZ/nZwd2W4+moWSXsv2IzfvU970Mz
DBjUuK5hUZROTmiBO/v0xBeTH/nP3+OVJcIAFIOLvo4Omp0upssCAwEAATANBgkqhkiG9w0BAQUF
AAOBgQAxED9V4Yjb+nRAbRq3LnLi6bz4RRLZ6rMntugApYRWzDsB1AHnobbUic+6K3YAXXPwbE41
AAfG99Gc4t8Kwm0WFb+MC6CaEghnyceXWZiJFCuJjik7EGROjjFtqVurqVhIxSswTmnqeF3zqDRy
vfR5XaoPPoSyqWJbK0hZmOAXeTGCA0swggNHAgEBMIGzMIGlMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExEjAQBgNVBAoTCVNNVFBTLm5ldDEd
MBsGA1UECxMUSW5mb3JtYXRpb24gU2VjdXJpdHkxGDAWBgNVBAMUD1NNVFBTLm5ldCBDQSAjMjEe
MBwGCSqGSIb3DQEJARYPYWRtaW5Ac210cHMubmV0AgkAxtRyYjIWj0wwCQYFKw4DAhoFAKCCAe0w
GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkwMTI1MDkyMjUyWjAj
BgkqhkiG9w0BCQQxFgQU1I4TNTl4TBhAT5PRL+u8J8N3n4gwgcQGCSsGAQQBgjcQBDGBtjCBszCB
pTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJh
MRIwEAYDVQQKEwlTTVRQUy5uZXQxHTAbBgNVBAsTFEluZm9ybWF0aW9uIFNlY3VyaXR5MRgwFgYD
VQQDFA9TTVRQUy5uZXQgQ0EgIzIxHjAcBgkqhkiG9w0BCQEWD2FkbWluQHNtdHBzLm5ldAIJAMbU
cmIyFo9MMIHGBgsqhkiG9w0BCRACCzGBtqCBszCBpTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRIwEAYDVQQKEwlTTVRQUy5uZXQxHTAbBgNV
BAsTFEluZm9ybWF0aW9uIFNlY3VyaXR5MRgwFgYDVQQDFA9TTVRQUy5uZXQgQ0EgIzIxHjAcBgkq
hkiG9w0BCQEWD2FkbWluQHNtdHBzLm5ldAIJAMbUcmIyFo9MMA0GCSqGSIb3DQEBAQUABIGAi9dF
MIvkH9I8WXJ5CJccMtFCWAjh89X1yVxq35wmbDZ3xp1TjNwTFI/GJqFiDcCQYpGx5WKS9amQgUFb
+8SqInP8OpqlJVaf6xWAoEPS+yoLdCy8BLe/arEDTal2kxHVEwnAL4z5rKbGDHO6C1fja00hDsdI
BUgDotf9+nDGOA8AAAAAAAA=
--Apple-Mail-2--982379061--
