Hi, There is a DNS Amplification attack against facebook.com in progress.
http://meetings.ripe.net/ripe-52/presentations/ripe52-plenary-dnsamp.pdf Those of you connected to the Internet especially running "open resolvers" take appropriate measures. http://technet.microsoft.com/en-us/security/hh972393.aspx Block ( drop ) these traffic early in your firewall rules or your firewall can get overloaded. I caught failed attempts to use my firewall for this. >From the logs. May 17 11:34:56.013614 rule 7/(match) block in on em1: 66.220.151.124.47369 > xxx.yyy.ddd.zzz.53: 58106 NS? . (19) May 17 11:34:56.763086 rule 7/(match) block in on em1: 66.220.151.124.47369 > xxx.yyy.ddd.zzz.53: 58107 NS? . (19) May 17 11:34:57.513318 rule 7/(match) block in on em1: 66.220.151.124.47369 > xxx.yyy.ddd.zzz.53: 58108 NS? . (19) May 17 11:45:37.720155 rule 7/(match) block in on em1: 69.171.243.241 > xxx.yyy.ddd.zzz: icmp: echo request May 17 11:45:39.213492 rule 7/(match) block in on em1: 69.171.243.241.52370 > xxx.yyy.ddd.zzz.53: 33246 NS? . (19) May 17 11:49:39.746886 rule 7/(match) block in on em1: 69.171.228.232 > xxx.yyy.ddd.zzz: icmp: echo request May 17 11:49:41.242588 rule 7/(match) block in on em1: 69.171.228.232.59470 > xxx.yyy.ddd.zzz.53: 33554 NS? . (19) xxx.yyy.ddd.zzz is our firewall IP 66.220.151.124, 69.171.243.241, 69.171.228.232 are IPs from facebook.com domain as ip2location reports. Thanks Siju _______________________________________________ Indian Libre User Group Cochin Mailing List http://www.ilug-cochin.org/mailing-list/ http://mail.ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org #[email protected]
