Hi Dave,

Here is a link about someone who went through your scenario with a DNS server and DDOS:
https://www.debian-administration.org/article/Blocking_a_DNS_DDOS_using_the_fail2ban_package

Debian, not sure what you are running, but Fail2Ban should be a similar setup.

- Wesley

On Thu, Feb 27, 2014 at 1:15 PM, David R. Wilson <[email protected]> wrote:

> Thanks Guys,
>
> That is part of the problem. Charter as best I can tell refuses to
> block anything. The fail2ban program looks like it might work. It
> looks like just a ping to verify the address is legitimate and drop the
> packet if there is no response would be one way to do it.
>
> I will stare at the fail2ban program docs a bit and see what that is
> going to require.
>
> Dave
>
> On Thu, 2014-02-27 at 13:02 -0600, Tilghman Lesher wrote:
> > On Thu, Feb 27, 2014 at 12:29 PM, David R. Wilson <[email protected]> wrote:
> > > I have had a problem with non resolvable IP addresses hitting my DNS
> > > server (running BIND9) and eating up bandwidth. I am sure there are some
> > > instructions on how to assure the IP numbers resolve, but I apparently
> > > missed the instructions.
> > >
> > > Some of those addresses I put into firewall rules to drop the inquiry.
> > > Since then someone decided random IP addresses were more fun. Rate
> > > limiting doesn't seem to help.
> > >
> > > Anyone in the group have the short story on how to fix this?
> >
> > I'm guessing you're talking about non-routable addresses? Ultimately,
> > it's going to have to be solved by your upstream backbone provider, in
> > terms of blocking packets with forged source addresses, since that's
> > the nature of the problem.
> >
> > --
> > Tilghman
>
> --
> You received this message because you are subscribed to the Google Groups "NLUG" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to [email protected]
> For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
>
> ---
> You received this message because you are subscribed to the Google Groups "NLUG" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.

--
http://www.wesleyduffeebraun.com
<http://www.ashevillephotobooth.com>
