Looks like I picked the wrong week to quit sniffing glue. On Fri, Feb 28, 2014 at 8:05 AM, David R. Wilson <[email protected]> wrote: > Obviously today was a bad day to stop drinking.... > > Dave > > > On Fri, 2014-02-28 at 07:15 -0500, Bill Woody wrote: >> And I thought "youvebeenowned.org" was another group of black hats! I >> have GOT to stop waiting so late in the day to start drinking. >> >> >> On Thu, Feb 27, 2014 at 6:21 PM, Bill Woody <[email protected]> >> wrote: >> To add to david's problems, "youvebeenowned.org" seems to have >> found an exploit. >> While the domain name does not resolve, the IP shows a little >> of their handiwork. >> >> >> >> >> >> >> >> >> On Thu, Feb 27, 2014 at 4:41 PM, Wesley Duffee-Braun >> <[email protected]> wrote: >> Good deal - let me know if you have any issues! >> >> >> On Thu, Feb 27, 2014 at 3:33 PM, David R. Wilson >> <[email protected]> wrote: >> Thanks Wesley, >> >> That helps a bunch. In this case it is a >> Centos box, but I don't think >> that is going to cause any problems. >> >> Dave >> >> On Thu, 2014-02-27 at 13:19 -0600, Wesley >> Duffee-Brahun wrote: >> > Hi Dave, >> > >> > >> > Here is a link about someone who went >> through your scenario with a DNS >> > server and DDOS >> > >> > >> > >> >> https://www.debian-administration.org/article/Blocking_a_DNS_DDOS_using_the_fail2ban_package >> > >> > >> > >> > Debian, not sure what you are running, but >> Fail2Ban should be similar >> > setup. >> > >> > >> > - Wesley >> > >> > >> > >> > >> > On Thu, Feb 27, 2014 at 1:15 PM, David R. >> Wilson <[email protected]> >> > wrote: >> > Thanks Guys, >> > >> > That is part of the problem. >> Charter as best I can tell >> > refuses to >> > block anything. The fail2ban >> program looks like it might >> > work. It >> > looks like just a ping to verify the >> address is legitimate and >> > drop the >> > packet if there is no response would >> be one way to do it. >> > >> > I will stare at the fail2ban program >> docs a bit and see what >> > that is >> > going to require. >> > >> > Dave >> > >> > On Thu, 2014-02-27 at 13:02 -0600, >> Tilghman Lesher wrote: >> > > On Thu, Feb 27, 2014 at 12:29 PM, >> David R. Wilson >> > <[email protected]> wrote: >> > > > I have had a problem with non >> resolvable IP addresses >> > hitting my DNS >> > > > server (running BIND9) and >> eating up bandwidth. I am sure >> > there is some >> > > > instructions on how to assure >> the IP numbers resolve, but >> > I apparently >> > > > missed the instructions. >> > > > >> > > > Some of those addresses I put >> into firewall rules to drop >> > the inquiry. >> > > > Since then someone decided >> random IP addresses were more >> > fun. Rate >> > > > limiting doesn't seem to help. >> > > > >> > > > Anyone in the group have the >> short story on how to fix >> > this? >> > > >> > > I'm guessing you're talking about >> non-routable addresses? >> > Ultimately, >> > > it's going to have to be solved by >> your upstream backbone >> > provider, in >> > > terms of blocking packets with >> forged source addresses, >> > since that's >> > > the nature of the problem. >> > > >> > > -- >> > > Tilghman >> > > >> > > -- >> > >> > >> > -- >> > -- >> > You received this message because >> you are subscribed to the >> > Google Groups "NLUG" group. >> > To post to this group, send email to >> > [email protected] >> > To unsubscribe from this group, send >> email to nlug-talk >> > [email protected] >> > For more options, visit this group >> at >> > >> http://groups.google.com/group/nlug-talk?hl=en >> > >> > --- >> > You received this message because >> you are subscribed to the >> > Google Groups "NLUG" group. >> > To unsubscribe from this group and >> stop receiving emails from >> > it, send an email to nlug-talk >> [email protected]. >> > For more options, visit >> > >> https://groups.google.com/groups/opt_out. >> > >> > >> > >> > >> > >> > -- >> > http://www.wesleyduffeebraun.com >> > >> > >> > -- >> > -- >> > You received this message because you are >> subscribed to the Google >> > Groups "NLUG" group. >> > To post to this group, send email to >> [email protected] >> > To unsubscribe from this group, send email >> to nlug-talk >> > [email protected] >> > For more options, visit this group at >> > >> http://groups.google.com/group/nlug-talk?hl=en >> > >> > --- >> > You received this message because you are >> subscribed to the Google >> > Groups "NLUG" group. >> > To unsubscribe from this group and stop >> receiving emails from it, send >> > an email to nlug-talk >> [email protected]. >> > For more options, visit >> https://groups.google.com/groups/opt_out. >> >> >> -- >> -- >> You received this message because you are >> subscribed to the Google Groups "NLUG" group. >> To post to this group, send email to >> [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are >> subscribed to the Google Groups "NLUG" group. >> To unsubscribe from this group and stop >> receiving emails from it, send an email to >> [email protected]. >> For more options, visit >> https://groups.google.com/groups/opt_out. >> >> >> >> >> >> -- >> http://www.wesleyduffeebraun.com >> >> >> -- >> >> >> > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out.
-- Tilghman -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
