> With 2 views ddos trace looks much better:
>
> 17:40:21.483188 186.149.116.55.80 > 91.216.35.171.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 242, id 21165, len 58)
> 17:40:21.483470 91.216.35.171.53 > 186.149.116.55.80: [udp sum ok] 1 Refused- q: RRSIG? pizzaseo.com. 0/0/0(30) (DF) (ttl 64, id 0, len 58)
>
> Hopefully, they give up in some days, if there is no amplification any more.

They don't ever give up.  I see one or two of these RRSIG? pizzaseo.com.
queries every few days and even when I aggressively packet filter the ones
that appear likely to be real probes from malicious actors as opposed to
bogus queries from forged IP addresses targeting innocents, return
"refused" for the others and minimise the number of "refused" packets I
send out by using "errors-per-second 1", they still keep on trying.

The most recent one I've seen was three days ago but there could have been
more since then that hit the packet filters when I wasn't paying attention.

Regards,
Peter Coghlan.
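
The "no amplification" point in the quoted trace can be checked mechanically. The following Python is an added example, not part of either message: it parses the two tcpdump lines quoted above and compares query and response sizes per query name and type. The regex, the function name `amplification` and the use of tcpdump's IP `len` field as the size measure are assumptions of this example.

```python
import re
from collections import defaultdict

# The two trace lines from the quoted message, rejoined onto single lines.
TRACE = """\
17:40:21.483188 186.149.116.55.80 > 91.216.35.171.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 242, id 21165, len 58)
17:40:21.483470 91.216.35.171.53 > 186.149.116.55.80: [udp sum ok] 1 Refused- q: RRSIG? pizzaseo.com. 0/0/0(30) (DF) (ttl 64, id 0, len 58)
"""

# Assumption: lines follow this "tcpdump -v" layout (IPv4, one packet per line).
LINE = re.compile(
    r"^\S+ (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): .*?"
    r"(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+?\.)(?:\(\d+\))? .*len (?P<len>\d+)\)$"
)

def amplification(trace, server_port="53"):
    """Return {(qtype, qname): (query_bytes, response_bytes, ratio, all_refused)}."""
    acc = defaultdict(lambda: {"q": 0, "r": 0, "resp": 0, "refused": 0})
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a DNS line in the expected layout
        entry = acc[(m["qtype"], m["qname"])]
        if m["dport"] == server_port:        # packet towards the name server
            entry["q"] += int(m["len"])
        elif m["sport"] == server_port:      # packet sent by the name server
            entry["r"] += int(m["len"])
            entry["resp"] += 1
            entry["refused"] += "Refused" in line
    result = {}
    for key, e in acc.items():
        ratio = e["r"] / e["q"] if e["q"] else None
        all_refused = e["resp"] > 0 and e["refused"] == e["resp"]
        result[key] = (e["q"], e["r"], ratio, all_refused)
    return result

if __name__ == "__main__":
    for (qtype, qname), (q, r, ratio, refused) in amplification(TRACE).items():
        print(f"{qtype} {qname} query={q}B response={r}B ratio={ratio} refused={refused}")
```

A ratio of 1.0 with every response refused means the forged source address receives no more bytes than the query cost to send, which is the situation the quoted trace shows.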