To add to david's problems, "youvebeenowned.org" seems to have found an exploit. While the domain name does not resolve, the IP shows a little of their handiwork.
On Thu, Feb 27, 2014 at 4:41 PM, Wesley Duffee-Braun <[email protected]>wrote: > Good deal - let me know if you have any issues! > > > On Thu, Feb 27, 2014 at 3:33 PM, David R. Wilson <[email protected]> wrote: > >> Thanks Wesley, >> >> That helps a bunch. In this case it is a Centos box, but I don't think >> that is going to cause any problems. >> >> Dave >> >> On Thu, 2014-02-27 at 13:19 -0600, Wesley Duffee-Brahun wrote: >> > Hi Dave, >> > >> > >> > Here is a link about someone who went through your scenario with a DNS >> > server and DDOS >> > >> > >> > >> https://www.debian-administration.org/article/Blocking_a_DNS_DDOS_using_the_fail2ban_package >> > >> > >> > >> > Debian, not sure what you are running, but Fail2Ban should be similar >> > setup. >> > >> > >> > - Wesley >> > >> > >> > >> > >> > On Thu, Feb 27, 2014 at 1:15 PM, David R. Wilson <[email protected]> >> > wrote: >> > Thanks Guys, >> > >> > That is part of the problem. Charter as best I can tell >> > refuses to >> > block anything. The fail2ban program looks like it might >> > work. It >> > looks like just a ping to verify the address is legitimate and >> > drop the >> > packet if there is no response would be one way to do it. >> > >> > I will stare at the fail2ban program docs a bit and see what >> > that is >> > going to require. >> > >> > Dave >> > >> > On Thu, 2014-02-27 at 13:02 -0600, Tilghman Lesher wrote: >> > > On Thu, Feb 27, 2014 at 12:29 PM, David R. Wilson >> > <[email protected]> wrote: >> > > > I have had a problem with non resolvable IP addresses >> > hitting my DNS >> > > > server (running BIND9) and eating up bandwidth. I am sure >> > there is some >> > > > instructions on how to assure the IP numbers resolve, but >> > I apparently >> > > > missed the instructions. >> > > > >> > > > Some of those addresses I put into firewall rules to drop >> > the inquiry. >> > > > Since then someone decided random IP addresses were more >> > fun. Rate >> > > > limiting doesn't seem to help. >> > > > >> > > > Anyone in the group have the short story on how to fix >> > this? >> > > >> > > I'm guessing you're talking about non-routable addresses? >> > Ultimately, >> > > it's going to have to be solved by your upstream backbone >> > provider, in >> > > terms of blocking packets with forged source addresses, >> > since that's >> > > the nature of the problem. >> > > >> > > -- >> > > Tilghman >> > > >> > > -- >> > >> > >> > -- >> > -- >> > You received this message because you are subscribed to the >> > Google Groups "NLUG" group. >> > To post to this group, send email to >> > [email protected] >> > To unsubscribe from this group, send email to nlug-talk >> > [email protected] >> > For more options, visit this group at >> > http://groups.google.com/group/nlug-talk?hl=en >> > >> > --- >> > You received this message because you are subscribed to the >> > Google Groups "NLUG" group. >> > To unsubscribe from this group and stop receiving emails from >> > it, send an email to [email protected]. >> > For more options, visit >> > https://groups.google.com/groups/opt_out. >> > >> > >> > >> > >> > >> > -- >> > http://www.wesleyduffeebraun.com >> > >> > >> > -- >> > -- >> > You received this message because you are subscribed to the Google >> > Groups "NLUG" group. >> > To post to this group, send email to [email protected] >> > To unsubscribe from this group, send email to nlug-talk >> > [email protected] >> > For more options, visit this group at >> > http://groups.google.com/group/nlug-talk?hl=en >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups "NLUG" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > > > -- > http://www.wesleyduffeebraun.com > <http://www.ashevillephotobooth.com> > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
