Tightened DNS security question re: DNS amplification attacks. [SEC=UNCLASSIFIED]

• Previous message (by thread): Tightened DNS security question re: DNS amplification attacks.
• Next message (by thread): Tightened DNS security question re: DNS amplification attacks. [SEC=UNCLASSIFIED]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I still see a few new ones each day, here is my current bind acl for
blocking them:

acl blacknet {
69.50.142.11/32;
66.230.160.1/32;
66.230.128.15/32;
76.9.16.171/32;
63.217.28.226/32;
206.71.158.30/32;
64.57.246.146/32;
67.192.144.0/32;
};

These have all been seen in the last few days, verified by hand.

DZ

-----Original Message-----
From: John Martinez [mailto:jmartinez at zero11.com]
Sent: Wednesday, 28 January 2009 11:59 AM
Cc: nanog at nanog.org
Subject: Re: Tightened DNS security question re: DNS amplification
attacks.

Are we still seeing DNS DDoS attack?


If you have received this email in error, please notify the sender immediately and erase all copies of the email and any attachments to it. The information contained in this email and any attachments may be private, confidential and legally privileged or the subject of copyright. If you are not the addressee it may be illegal to review, disclose, use, forward, or distribute this email and/or its contents.
 
Unless otherwise specified, the information in the email and any attachments is intended as a guide only and should not be relied upon as legal or technical advice or regarded as a substitute for legal or technical advice in individual cases. Opinions contained in this email or any of its attachments do not necessarily reflect the opinions of ACMA.

• Previous message (by thread): Tightened DNS security question re: DNS amplification attacks.
• Next message (by thread): Tightened DNS security question re: DNS amplification attacks. [SEC=UNCLASSIFIED]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]