In message <260425.38131...@web38201.mail.mud.yahoo.com>, W Sanders writes:
> The easy way to block people trying to DoS you, without needing a firewall,
> is to just null route their IP: "add route
> 1.2.3.4 127.0.0.1". Of course this blocks ALL traffic from that IP, but in
> most cases the IP trying to DoS you is someo
> ne you don't care about anyway. If you have an authoritative server, this has
> the side effect of blocking them from get
> ting any DNS about your domain - USUALLY a good thing.
>
> Remember to remove the route after a while (in Unix with an "at" job) so a
> year from now you or another sysadmin isn't
> completely confused - the routing table on a server isn't exactly the first
> thing one looks at.
>
> You can also write a script that grabs these IPs out of the syslog and
> automatically null routes them. Call it "intrusi
> on detection" if you will.
>
> -w
Which does collateral damage.
Complain to your ISP if you are receiving these forged queries.
they should be tracked back to their source and eliminated.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users