+--On 10 September 2012 10:21:30 +0200 "Marco Davids (SIDN)" <[email protected]> wrote:
| On 09/05/12 16:51, Stephane Bortzmeyer wrote:
|> A friend sent me the script he uses against DNS DoS attacks by
|> reflection+amplification. I reject any responsibility for it but I
|> found it cute and geeky :-)
|
| It is.

I did not know of any tool that could do this, tcpdump (and no, Stéphane, it's a FreeBSD 8.3, so, not old at all, though the shipped tcpdump (4.0) may be a bit old) seemed the "right" choice :-)

I also have a daily "/sbin/pfctl -t flood -T expire 86400" to tidy up a bit. Right now, the table has about 23k entries, the good thing is that "they" only use 2 of my 4 name servers so collateral would still be able to resolve the domains we serve.

| 'DNS flood detector' also is a nice tool that may come in handy sooner
| or later (available as package under Debian/Ubuntu):
|
| http://www.adotout.com/

I'll have a look, see if it's in FreeBSD's ports tree.

-- 
Mathieu Arnold
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
