relays.osirusoft.com

Matthew Sullivan matthew at sorbs.net
Wed Aug 27 11:54:14 UTC 2003


Ok this time with the correct from address ;-)

Paul Vixie wrote:

>ok so this part does not mystify me...
>
>>Someone has been in contact with Joe via phone and posted
>>to another mailing list That Zhall Not Be Named that
>>exactly that is happening.  The zone is dead, ...
>
>...because running blackhole lists is surprisingly more hard
>than most people think.  (witness the sorbs.net message here
>a few hours ago complaining of 50Kpkt/day query loads.)  i've
>paid some dues in this area, so i feel qualified to say that
>"i told you so" on this topic.  but at least there's no mystery.
>
I'm not worried about the 50k queries a day; the previous mail was about
setting this as a threshold, an 'ok you're saving some money/bandwidth by
using us, help us extend the service and protect against DDoS by paying
a nominal subscription'.

I can handle around 6000 DNS queries per second here, but the DDoS hit
the servers with 300,000 packets per second of invalid DDoS crap that I
can't handle alone.

I have been talking to a lot of people about solutions and came up with
a 'distributed DNS blocklist' idea, this led to my post earlier as Joe
had issues with DDoS on the addresses he had listed in the root
nameservers - which I figure is the weakest link all round...

Someone has suggested 'anycasting'. What do people (particularly you Paul)
think of using anycasting for a DNSbl? (AS112 anyone?)  I think it may
work well... however I am a novice in terms of BGP...  As far as I can
tell it involves getting a portable address block (someone suggested
anything less than a /24 would get filtered) and announcing it in
various locations around the Net with local servers behind each of those
announcements.... is this fundamentally correct?

Assuming I am right in my current understanding, I am about to start
looking at the procedure to get an ASN and then I'll be looking for
some portable IP space if the consensus and thoughts are this will
work.  I am thinking along the lines of talking with the other large
DNSbls (particularly Easynet (wirehub) and DSBL) about setting up a set
of combined DNSbl servers all anycast'd.  This after all will bring any
DDoS machines to the attention of the local networks they are attacking
.... ;-)

Thoughts, comments, flames...?

Thanks for all the offers of support and help, I will get back to
everyone in detail as soon as I get chance.

Yours

Mat
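An added illustration of the anycast setup described in the message above (not from the thread or from SORBS): a minimal FRR bgpd configuration for one site announcing a portable /24, with import-check so the prefix is withdrawn when the local route disappears. All values are constructed: AS65000 for the DNSBL operator, AS64496 for this site's upstream, 203.0.113.0/24 as the anycast block, 192.0.2.x as the session addresses.

```text
! /etc/frr/frr.conf on ONE anycast site (constructed example, not from the thread)
! The same config, with a different router-id and upstream, runs at every site.
!
router bgp 65000
 bgp router-id 192.0.2.10
 ! Only announce the anycast block while it exists in the local routing table.
 ! A health-check script that removes the local route when the DNSBL
 ! server fails makes BGP withdraw the prefix, so queries (and any flood
 ! aimed at it) go to the next nearest site instead of being blackholed here.
 bgp network import-check
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description upstream-transit-at-this-site
 !
 address-family ipv4 unicast
  network 203.0.113.0/24
  neighbor 192.0.2.1 activate
  ! Never leak anything other than the anycast /24 to the upstream.
  neighbor 192.0.2.1 prefix-list ANYCAST-OUT out
  ! Accept nothing but a default route from the upstream.
  neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 exit-address-family
!
ip prefix-list ANYCAST-OUT seq 10 permit 203.0.113.0/24
ip prefix-list ANYCAST-OUT seq 20 deny any
ip prefix-list DEFAULT-ONLY seq 10 permit 0.0.0.0/0
ip prefix-list DEFAULT-ONLY seq 20 deny any
```

On the site's host the DNS server listens on an address inside the block (for example `ip addr add 203.0.113.53/32 dev lo`) and a kernel route for the whole /24 (`ip route add blackhole 203.0.113.0/24`, deleted by the health check on failure) is what satisfies the import check.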
