Tracking the DNS amplification attacks (was: isprime DOS in progress)
chort at smtps.net
Sun Jan 25 00:50:24 UTC 2009
Caveat: my PERL is _terrible_.
This assumes you're using BIND. My logs roll on the hour, so I run it
from cron at 1 minute before the hour. Depending on how long it takes
to process your logs, you might need to tweak.
CA cert: http://www.smtps.net/pub/smtps-dot-net-ca-2.pem
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1613 bytes
Desc: not available
More information about the NANOG