Obviously today was a bad day to stop drinking.... Dave
On Fri, 2014-02-28 at 07:15 -0500, Bill Woody wrote: > And I thought "youvebeenowned.org" was another group of black hats! I > have GOT to stop waiting so late in the day to start drinking. > > > On Thu, Feb 27, 2014 at 6:21 PM, Bill Woody <woody39...@gmail.com> > wrote: > To add to david's problems, "youvebeenowned.org" seems to have > found an exploit. > While the domain name does not resolve, the IP shows a little > of their handiwork. > > > > > > > > > On Thu, Feb 27, 2014 at 4:41 PM, Wesley Duffee-Braun > <wduf...@gmail.com> wrote: > Good deal - let me know if you have any issues! > > > On Thu, Feb 27, 2014 at 3:33 PM, David R. Wilson > <da...@wwns.com> wrote: > Thanks Wesley, > > That helps a bunch. In this case it is a > Centos box, but I don't think > that is going to cause any problems. > > Dave > > On Thu, 2014-02-27 at 13:19 -0600, Wesley > Duffee-Brahun wrote: > > Hi Dave, > > > > > > Here is a link about someone who went > through your scenario with a DNS > > server and DDOS > > > > > > > > https://www.debian-administration.org/article/Blocking_a_DNS_DDOS_using_the_fail2ban_package > > > > > > > > Debian, not sure what you are running, but > Fail2Ban should be similar > > setup. > > > > > > - Wesley > > > > > > > > > > On Thu, Feb 27, 2014 at 1:15 PM, David R. > Wilson <da...@wwns.com> > > wrote: > > Thanks Guys, > > > > That is part of the problem. > Charter as best I can tell > > refuses to > > block anything. The fail2ban > program looks like it might > > work. It > > looks like just a ping to verify the > address is legitimate and > > drop the > > packet if there is no response would > be one way to do it. > > > > I will stare at the fail2ban program > docs a bit and see what > > that is > > going to require. > > > > Dave > > > > On Thu, 2014-02-27 at 13:02 -0600, > Tilghman Lesher wrote: > > > On Thu, Feb 27, 2014 at 12:29 PM, > David R. Wilson > > <da...@wwns.com> wrote: > > > > I have had a problem with non > resolvable IP addresses > > hitting my DNS > > > > server (running BIND9) and > eating up bandwidth. I am sure > > there is some > > > > instructions on how to assure > the IP numbers resolve, but > > I apparently > > > > missed the instructions. > > > > > > > > Some of those addresses I put > into firewall rules to drop > > the inquiry. > > > > Since then someone decided > random IP addresses were more > > fun. Rate > > > > limiting doesn't seem to help. > > > > > > > > Anyone in the group have the > short story on how to fix > > this? > > > > > > I'm guessing you're talking about > non-routable addresses? > > Ultimately, > > > it's going to have to be solved by > your upstream backbone > > provider, in > > > terms of blocking packets with > forged source addresses, > > since that's > > > the nature of the problem. > > > > > > -- > > > Tilghman > > > > > > -- > > > > > > -- > > -- > > You received this message because > you are subscribed to the > > Google Groups "NLUG" group. > > To post to this group, send email to > > nlug-talk@googlegroups.com > > To unsubscribe from this group, send > email to nlug-talk > > +unsubscr...@googlegroups.com > > For more options, visit this group > at > > > http://groups.google.com/group/nlug-talk?hl=en > > > > --- > > You received this message because > you are subscribed to the > > Google Groups "NLUG" group. > > To unsubscribe from this group and > stop receiving emails from > > it, send an email to nlug-talk > +unsubscr...@googlegroups.com. > > For more options, visit > > > https://groups.google.com/groups/opt_out. > > > > > > > > > > > > -- > > http://www.wesleyduffeebraun.com > > > > > > -- > > -- > > You received this message because you are > subscribed to the Google > > Groups "NLUG" group. > > To post to this group, send email to > nlug-talk@googlegroups.com > > To unsubscribe from this group, send email > to nlug-talk > > +unsubscr...@googlegroups.com > > For more options, visit this group at > > > http://groups.google.com/group/nlug-talk?hl=en > > > > --- > > You received this message because you are > subscribed to the Google > > Groups "NLUG" group. > > To unsubscribe from this group and stop > receiving emails from it, send > > an email to nlug-talk > +unsubscr...@googlegroups.com. > > For more options, visit > https://groups.google.com/groups/opt_out. > > > -- > -- > You received this message because you are > subscribed to the Google Groups "NLUG" group. > To post to this group, send email to > nlug-talk@googlegroups.com > To unsubscribe from this group, send email to > nlug-talk+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are > subscribed to the Google Groups "NLUG" group. > To unsubscribe from this group and stop > receiving emails from it, send an email to > nlug-talk+unsubscr...@googlegroups.com. > For more options, visit > https://groups.google.com/groups/opt_out. > > > > > > -- > http://www.wesleyduffeebraun.com > > > -- > > > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to nlug-talk+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.