In message <260425.38131...@web38201.mail.mud.yahoo.com>, W Sanders writes: > The easy way to block people trying to DoS you, without needing a firewall, > is to just null route their IP: "add route > 1.2.3.4 127.0.0.1". Of course this blocks ALL traffic from that IP, but in > most cases the IP trying to DoS you is someo > ne you don't care about anyway. If you have an authoritative server, this has > the side effect of blocking them from get > ting any DNS about your domain - USUALLY a good thing. > > Remember to remove the route after a while (in Unix with an "at" job) so a > year from now you or another sysadmin isn't > completely confused - the routing table on a server isn't exactly the first > thing one looks at. > > You can also write a script that grabs these IPs out of the syslog and > automatically null routes them. Call it "intrusi > on detection" if you will. > > -w
Which does collateral damage. Complain to your ISP if you are receiving these forged queries. they should be tracked back to their source and eliminated. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users