The easy way to block people trying to DoS you, without needing a firewall, is
to just null route their IP: "add route 1.2.3.4 127.0.0.1". Of course this
blocks ALL traffic from that IP, but in most cases the IP trying to DoS you is
someone you don't care about anyway. If you have an authoritative server, this
has the side effect of blocking them from getting any DNS about your domain -
USUALLY a good thing.
Remember to remove the route after a while (in Unix with an "at" job) so a year
from now you or another sysadmin isn't completely confused - the routing table
on a server isn't exactly the first thing one looks at.
You can also write a script that grabs these IPs out of the syslog and
automatically null routes them. Call it "intrusion detection" if you will.
-w
_______________________________________________
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
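The syslog-scraping script suggested in the post could look like the sketch below; it is an added example, not code from the original message. It assumes BIND-style "client <ip>#<port> ... denied" log lines, Linux iproute2 blackhole routes in place of the loopback route shown above, and at(1) for the timed removal; the function names, threshold, and allowlist are hypothetical. The allowlist matters because UDP source addresses can be forged, so an automatic blocker can otherwise be steered into null routing a resolver you depend on.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes BIND-style syslog lines,
# Linux iproute2 blackhole routes, and at(1) for the timed removal.
THRESHOLD=${THRESHOLD:-2}              # denied queries before an IP is blocked
EXPIRY=${EXPIRY:-"now + 24 hours"}     # when the at job removes the route
ALLOW=${ALLOW:-"127.0.0.1 192.0.2.53"} # never block these (own resolvers, monitoring)

# Constructed sample log; addresses are from the documentation ranges.
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 ns1 named[812]: client 203.0.113.9#40112 (example.com): query (cache) 'example.com/ANY/IN' denied
Mar  3 10:00:02 ns1 named[812]: client @0x7f2a1c0 203.0.113.9#40113 (example.com): query (cache) 'example.com/ANY/IN' denied
Mar  3 10:00:03 ns1 named[812]: client 198.51.100.7#5353 (example.org): query (cache) 'example.org/A/IN' denied
Mar  3 10:00:04 ns1 named[812]: client 192.0.2.53#33000 (example.net): query (cache) 'example.net/A/IN' denied
Mar  3 10:00:05 ns1 named[812]: client 192.0.2.53#33001 (example.net): query (cache) 'example.net/A/IN' denied
EOF
}

# Reads syslog on stdin; prints each IPv4 source at or over THRESHOLD, sorted.
offenders() {
    awk -v threshold="$THRESHOLD" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /client/ && /denied/ && match($0, / [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+#[0-9]+/) {
            split(substr($0, RSTART + 1, RLENGTH - 1), p, "#"); ip = p[1]
            if (split(ip, o, ".") != 4) next
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next   # not a valid IPv4
            if (!(ip in skip)) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= threshold) print ip }
    ' | sort
}

# Prints (does not run) the null route and its scheduled removal for each IP.
block_commands() {
    offenders | while read -r ip; do
        printf 'ip route add blackhole %s/32\n' "$ip"
        printf 'echo "ip route del blackhole %s/32" | at %s\n' "$ip" "$EXPIRY"
    done
}

# Dry run on the sample; review the output before piping it to sh as root.
sample_log | block_commands
```

On a live server, feed `block_commands` the real log on stdin instead of `sample_log`.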