isprime DOS in progress
Harald Koch
chk at pobox.com
Wed Jan 21 18:24:22 UTC 2009
Graeme Fowler wrote:
> On Tue, 2009-01-20 at 14:55 -0600, Todd T. Fries forwarded:
> I've been seeing a lot of noise from the latter two addresses after
> switching on query logging (and finishing an application of Team Cymru's
> excellent template) so I decided to DROP traffic from the addresses
> (with source port != 53) at the hosts in question.
>
> Well, blow me down if they didn't completely stop talking to me. Four
> dropped packets each, and they've gone away.
>
I've seen that behaviour in the past, but not this time?
I've seen a few of these attacks bouncing off my nameservers recently,
and when I add "DROP" rules to my firewall, the incoming traffic
disappears soon after. But the most recent set (66.230.160.1 and
66.230.128.15) are still hammering away...
--
Harald
More information about the NANOG
mailing list