[111067] in North American Network Operators' Group
RE: Tightened DNS security question re: DNS amplification attacks.
daemon@ATHENA.MIT.EDU (David Zielezna)
Tue Jan 27 22:32:48 2009
Date: Wed, 28 Jan 2009 14:32:30 +1100
In-Reply-To: <497FADBA.2050009@zero11.com>
From: "David Zielezna" <David.Zielezna@acma.gov.au>
To: "John Martinez" <jmartinez@zero11.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
I still see a few new ones each day, here is my current bind acl for
blocking them:
acl blacknet {
69.50.142.11/32;
66.230.160.1/32;
66.230.128.15/32;
76.9.16.171/32;
63.217.28.226/32;
206.71.158.30/32;
64.57.246.146/32;
67.192.144.0/32;
};
These have all been seen in the last few days, verified by hand.
DZ
-----Original Message-----
=46rom: John Martinez [mailto:jmartinez@zero11.com]
Sent: Wednesday, 28 January 2009 11:59 AM
Cc: nanog@nanog.org
Subject: Re: Tightened DNS security question re: DNS amplification
attacks.
Are we still seeing DNS DDoS attack=3F
If you have received this email in error, please notify the sender =
immediately and erase all copies of the email and any attachments to it. Th=
e=
information contained in this email and any attachments may be private, =
confidential and legally privileged or the subject of copyright. If you are=
=
not the addressee it may be illegal to review, disclose, use, forward, or =
=
distribute this email and/or its contents.
=20
Unless otherwise specified, the information in the email and any attachment=
s=
is intended as a guide only and should not be relied upon as legal or =
technical advice or regarded as a substitute for legal or technical advice =
=
in individual cases. Opinions contained in this email or any of its =
attachments do not necessarily reflect the opinions of ACMA.
