isprime DOS in progress

• Previous message (by thread): isprime DOS in progress, and Re: DNS Amplification attack?
• Next message (by thread): isprime DOS in progress
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Graeme Fowler wrote:
> On Tue, 2009-01-20 at 14:55 -0600, Todd T. Fries forwarded:

> I've been seeing a lot of noise from the latter two addresses after
> switching on query logging (and finishing an application of Team Cymru's
> excellent template) so I decided to DROP traffic from the addresses
> (with source port != 53) at the hosts in question.
>
> Well, blow me down if they didn't completely stop talking to me. Four
> dropped packets each, and they've gone away.
>   

I've seen that behaviour in the past, but not this time?

I've seen a few of these attacks bouncing off my nameservers recently, 
and when I add "DROP" rules to my firewall, the incoming traffic 
disappears soon after. But the most recent set (66.230.160.1 and 
66.230.128.15) are still hammering away...

-- 
Harald

• Previous message (by thread): isprime DOS in progress, and Re: DNS Amplification attack?
• Next message (by thread): isprime DOS in progress
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]