On 04/01/2015 04:54 PM, Stephane Bortzmeyer wrote:
>> Manual iptables rules are not maintainable,
> In my experience, they are, if the attacker does not change the
> suffix.

Just my 2 cents here: the pattern I am seeing on my side does not evolve as fast as one per second, but the attacker does change domains every few hours or so.

However, the authoritative servers being hammered as a result do not change that much. (Most domains I am seeing are Chinese domains related to online gambling and whatnot.) And, in my situation, trying to maintain local zones or iptables rules is a literal "whack-a-mole" game; you can't humanly do that manually for an extended period of time. It's like, these guys have troves of domains to use and abuse... (Things get further tricky when some of these domains are set with wildcard records too.)

-- 
Stephane LAPIE, EPITA SRS, Promo 2005
"Even when they have digital readouts, I can't understand them."
--MegaTokyo
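Since the point above is that hand-maintained local zones cannot keep up with rotating attack domains, here is an added example (not from this thread or from the Unbound project) that automates the first step: it reads Unbound `log-queries`-style lines, flags registered domains that receive many distinct random subdomain labels, and renders matching `local-zone` lines. The log lines, domain names, threshold and the two-label "registered domain" split are constructed assumptions; the split ignores the Public Suffix List.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of Unbound's log-queries output
# ("info: <client> <qname> <qtype> <qclass>"); this is not captured traffic.
SAMPLE_LOG = """\
[1428000001] unbound[1234:0] info: 192.0.2.10 a8f3k2.bad-example.test. A IN
[1428000001] unbound[1234:0] info: 192.0.2.11 zq91pp.bad-example.test. A IN
[1428000002] unbound[1234:0] info: 192.0.2.12 m0x7ty.bad-example.test. A IN
[1428000002] unbound[1234:0] info: 192.0.2.13 ll29ab.bad-example.test. A IN
[1428000003] unbound[1234:0] info: 192.0.2.14 c3v8nn.bad-example.test. A IN
[1428000003] unbound[1234:0] info: 192.0.2.20 www.example.net. A IN
[1428000004] unbound[1234:0] info: 192.0.2.21 mail.example.net. MX IN
"""

QUERY_RE = re.compile(r"info: (\S+) (\S+) (\S+) IN$")


def parse_queries(log_text):
    """Yield (client, qname) pairs from log-queries style lines."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).rstrip(".").lower()


def split_registered(qname):
    """Crude split into (prefix, registered_domain) on the last two labels
    (assumption; a real deployment would consult the Public Suffix List)."""
    labels = qname.split(".")
    if len(labels) < 3:
        return None, None
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def suspicious_domains(log_text, threshold=5):
    """Return {domain: distinct_prefix_count} for domains that reach the
    threshold. Counting distinct prefixes rather than NXDOMAIN answers keeps
    this working when the attacker's domain carries a wildcard record."""
    prefixes = defaultdict(set)
    for _client, qname in parse_queries(log_text):
        prefix, domain = split_registered(qname)
        if domain:
            prefixes[domain].add(prefix)
    return {d: len(p) for d, p in prefixes.items() if len(p) >= threshold}


def local_zone_config(domains):
    """Render Unbound local-zone lines that refuse queries for the domains."""
    return "\n".join(f'local-zone: "{d}." refuse' for d in sorted(domains))


if __name__ == "__main__":
    print(local_zone_config(suspicious_domains(SAMPLE_LOG)))
```

The rendered lines can be written to a file pulled in with `include:` from unbound.conf and the server reloaded on a timer, so the list follows the attacker's rotation without a human editing it.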
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
