Tracking the DNS amplification attacks (was: isprime DOS in progress)

• Previous message (by thread): isprime DOS in progress
• Next message (by thread): Tracking the DNS amplification attacks (was: isprime DOS in progress)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Caveat:  my PERL is _terrible_.

http://www.smtps.net/pub/dns-amp-watch.pl

This assumes you're using BIND.  My logs roll on the hour, so I run it  
from cron at 1 minute before the hour.  Depending on how long it takes  
to process your logs, you might need to tweak.

--
bk
CA cert:  http://www.smtps.net/pub/smtps-dot-net-ca-2.pem

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1613 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090124/d4bf4b96/attachment.bin>

• Previous message (by thread): isprime DOS in progress
• Next message (by thread): Tracking the DNS amplification attacks (was: isprime DOS in progress)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]