Tracking the DNS amplification attacks (was: isprime DOS in progress)

Brian Keefer chort at
Sun Jan 25 00:50:24 UTC 2009

Caveat:  my PERL is _terrible_.

This assumes you're using BIND.  My logs roll on the hour, so I run it  
from cron at 1 minute before the hour.  Depending on how long it takes  
to process your logs, you might need to tweak.

CA cert:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1613 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list