Am 02.11.2023 10:58 schrieb Mosharaf Hossain: > The attack originates from an external network, and it periodically > saturates our entire internet bandwidth.
Can you verify that the source IP is not spoofed (TCP ACK replies instead of ACK RST, no ICMP port unreachable for UDP)? If yes, contact the abuse desk, so they can shut that machine down. If they refuse to do, you can block their address ranges for some time to see if they stop attacking your server. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
