Thanks Wesley,

That helps a bunch. In this case it is a CentOS box, but I don't think that is going to cause any problems.

Dave

On Thu, 2014-02-27 at 13:19 -0600, Wesley Duffee-Brahun wrote:
> Hi Dave,
>
> Here is a link about someone who went through your scenario with a DNS server and DDOS
>
> https://www.debian-administration.org/article/Blocking_a_DNS_DDOS_using_the_fail2ban_package
>
> Debian, not sure what you are running, but Fail2Ban should be a similar setup.
>
> - Wesley
>
> On Thu, Feb 27, 2014 at 1:15 PM, David R. Wilson <da...@wwns.com> wrote:
> > Thanks Guys,
> >
> > That is part of the problem. Charter as best I can tell refuses to block anything. The fail2ban program looks like it might work. It looks like just a ping to verify the address is legitimate and drop the packet if there is no response would be one way to do it.
> >
> > I will stare at the fail2ban program docs a bit and see what that is going to require.
> >
> > Dave
> >
> > On Thu, 2014-02-27 at 13:02 -0600, Tilghman Lesher wrote:
> > > On Thu, Feb 27, 2014 at 12:29 PM, David R. Wilson <da...@wwns.com> wrote:
> > > > I have had a problem with non-resolvable IP addresses hitting my DNS server (running BIND9) and eating up bandwidth. I am sure there are some instructions on how to assure the IP numbers resolve, but I apparently missed the instructions.
> > > >
> > > > Some of those addresses I put into firewall rules to drop the inquiry. Since then someone decided random IP addresses were more fun. Rate limiting doesn't seem to help.
> > > >
> > > > Anyone in the group have the short story on how to fix this?
> > >
> > > I'm guessing you're talking about non-routable addresses? Ultimately, it's going to have to be solved by your upstream backbone provider, in terms of blocking packets with forged source addresses, since that's the nature of the problem.
> > >
> > > --
> > > Tilghman
> >
> > --
> > --
> > You received this message because you are subscribed to the Google Groups "NLUG" group.
> > To post to this group, send email to nlug-talk@googlegroups.com
> > To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com
> > For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
> >
> > ---
> > You received this message because you are subscribed to the Google Groups "NLUG" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to nlug-talk+unsubscr...@googlegroups.com.
> > For more options, visit https://groups.google.com/groups/opt_out.
>
> --
> http://www.wesleyduffeebraun.com