And I thought "youvebeenowned.org" was another group of black hats! I have GOT to stop waiting so late in the day to start drinking.
On Thu, Feb 27, 2014 at 6:21 PM, Bill Woody <[email protected]> wrote:

> To add to David's problems, "youvebeenowned.org" seems to have found an exploit.
> While the domain name does not resolve, the IP shows a little of their handiwork.
>
> On Thu, Feb 27, 2014 at 4:41 PM, Wesley Duffee-Braun <[email protected]> wrote:
>
>> Good deal - let me know if you have any issues!
>>
>> On Thu, Feb 27, 2014 at 3:33 PM, David R. Wilson <[email protected]> wrote:
>>
>>> Thanks Wesley,
>>>
>>> That helps a bunch. In this case it is a CentOS box, but I don't think that is going to cause any problems.
>>>
>>> Dave
>>>
>>> On Thu, 2014-02-27 at 13:19 -0600, Wesley Duffee-Braun wrote:
>>> > Hi Dave,
>>> >
>>> > Here is a link about someone who went through your scenario with a DNS server and DDOS
>>> >
>>> > https://www.debian-administration.org/article/Blocking_a_DNS_DDOS_using_the_fail2ban_package
>>> >
>>> > Debian, not sure what you are running, but Fail2Ban should be similar setup.
>>> >
>>> > - Wesley
>>> >
>>> > On Thu, Feb 27, 2014 at 1:15 PM, David R. Wilson <[email protected]> wrote:
>>> >         Thanks Guys,
>>> >
>>> >         That is part of the problem. Charter as best I can tell refuses to block anything. The fail2ban program looks like it might work. It looks like just a ping to verify the address is legitimate and drop the packet if there is no response would be one way to do it.
>>> >
>>> >         I will stare at the fail2ban program docs a bit and see what that is going to require.
>>> >
>>> >         Dave
>>> >
>>> >         On Thu, 2014-02-27 at 13:02 -0600, Tilghman Lesher wrote:
>>> >         > On Thu, Feb 27, 2014 at 12:29 PM, David R. Wilson <[email protected]> wrote:
>>> >         > > I have had a problem with non resolvable IP addresses hitting my DNS server (running BIND9) and eating up bandwidth. I am sure there are some instructions on how to assure the IP numbers resolve, but I apparently missed the instructions.
>>> >         > >
>>> >         > > Some of those addresses I put into firewall rules to drop the inquiry. Since then someone decided random IP addresses were more fun. Rate limiting doesn't seem to help.
>>> >         > >
>>> >         > > Anyone in the group have the short story on how to fix this?
>>> >         >
>>> >         > I'm guessing you're talking about non-routable addresses? Ultimately, it's going to have to be solved by your upstream backbone provider, in terms of blocking packets with forged source addresses, since that's the nature of the problem.
>>> >         >
>>> >         > --
>>> >         > Tilghman
>>> >
>>> > --
>>> > http://www.wesleyduffeebraun.com
>>
>> --
>> http://www.wesleyduffeebraun.com
>> <http://www.ashevillephotobooth.com>

--
--
You received this message because you are subscribed to the Google Groups "NLUG" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en

---
You received this message because you are subscribed to the Google Groups "NLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
