On Mon, Jul 23, 2012 at 02:07:51PM +0200, Marek Salwerowicz <marek_...@wp.pl> wrote a message of 30 lines which said:
> What I did now is just to parse logs and block IPs that ask for
> ripe.net via ipfw.

As mentioned by Phil Mayers, the source IP address is forged. By
blocking this IP, you strike the victim.

> But are there any other solutions for these permanent attacks?

The operators of F-root use this on their FreeBSD machines to
rate-limit per source IP:

add pipe 1 udp from any to any 53 in
pipe 1 config mask src-ip 0xffffffff buckets 1024 bw 400Kbit/s queue 3
add pipe 2 tcp from any to any 53 in
pipe 2 config mask src-ip 0xffffffff buckets 1024 bw 100Kbit/s queue 3
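
An added illustration, not part of the original message or of F-root's configuration: a simplified Python model of what "mask src-ip 0xffffffff" does in the pipe rules above, giving each source address its own queue and bandwidth limit. The traffic sample, the 80-byte packet size and the queue accounting are assumptions made for the example.

```python
# Simplified model of a dummynet pipe with "mask src-ip": one queue per masked
# source address, each drained at bw_bps bit/s and holding at most queue_slots
# packets. Assumption: the packet being transmitted counts against the limit.
import ipaddress
from collections import defaultdict, deque


def simulate(packets, bw_bps=400_000, queue_slots=3, mask=0xFFFFFFFF):
    """packets: iterable of (time_us, src_ip, size_bytes).
    Returns {src_ip: (passed, dropped)}."""
    flows = defaultdict(deque)          # masked source -> departure times (us)
    stats = defaultdict(lambda: [0, 0])
    for t, src, size in sorted(packets):
        key = int(ipaddress.IPv4Address(src)) & mask
        q = flows[key]
        while q and q[0] <= t:          # packets already sent have left the queue
            q.popleft()
        if len(q) >= queue_slots:       # this source's queue is full: tail drop
            stats[src][1] += 1
            continue
        start = q[-1] if q else t       # wait behind packets from the same source
        q.append(start + size * 8 * 1_000_000 // bw_bps)
        stats[src][0] += 1
    return {src: tuple(s) for src, s in stats.items()}


def sample_traffic():
    # Constructed one-second sample using documentation addresses:
    # 192.0.2.10 appears as the source of 1000 queries/s (the forged address),
    # 198.51.100.7 sends 10 queries/s.
    flood = [(i * 1_000, "192.0.2.10", 80) for i in range(1000)]
    normal = [(i * 100_000, "198.51.100.7", 80) for i in range(10)]
    return flood + normal


if __name__ == "__main__":
    for src, (passed, dropped) in simulate(sample_traffic()).items():
        print(f"{src}: passed={passed} dropped={dropped}")
```

In this model the heavily used source address is held to roughly the configured 400Kbit/s while the other source loses nothing, and the forged address still gets some answers instead of being blocked outright.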