LaBrea Tarpit http://labrea.sourceforge.net/ can do this as well, though perhaps only for IPv4. Basically it looks for unanswered ARP requests and answers them. What it does with the ensuing session data is configurable.
---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.

> -----Original Message-----
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Stephen Satchell
> Sent: Tuesday, 20 March, 2018 19:39
> To: nanog@nanog.org
> Subject: Fwd: RE: [EXT] Fwd: Re: problems sending to prodigy.net hosted email
>
> Linux systems have the ability, given enough RAM, to associate almost any number of IP addresses to a given interface. Our IP allocation database kept track of who was using what IP address. I wrote some queries to collect all unassigned IP addresses, and to construct the appropriate shell commands to assign those IP addresses to Ackbar's interface. Part of the program would also remove any allocated IP addresses from the server automatically.
>
> Worked like a charm.
>
> Whenever someone would nmap our address space, there would be at most one ARP request for the address; the router would then remember the IP->MAC association for the subsequent scans for a period of time -- 30 minutes if we were renumbering, 12 hours otherwise.
>
> The Ackbar server lived attached to our main distribution switch, so that subsequent traffic to those unused IP addresses stayed out of the server farm. We had some, er, "interesting" denial of service attacks that didn't do as much damage as they could have.
>
>
> -------- Forwarded Message --------
> Subject: RE: [EXT] Fwd: Re: problems sending to prodigy.net hosted email
> Date: Tue, 20 Mar 2018 17:15:25 +0000
> From: Charles Bronson <cbron...@iec-electronics.com>
> To: nanog@nanog.org <nanog@nanog.org>
>
> If this isn't pertinent to the list, feel free to answer privately. How did you implement the server that got rid of ARP storms?
>
> Charles Bronson
>
> -----Original Message-----
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Stephen Satchell
> Sent: Monday, March 19, 2018 9:31 PM
> To: nanog@nanog.org
> Subject: [EXT] Fwd: Re: problems sending to prodigy.net hosted email
>
> Two DNS servers hosted on one box (or VM object), even with two addresses, is easily compromised by DDoS amplification attacks. That's the norm for a number of "web control panel" systems like Plesk and CPanel.
>
> It depends on the scale of your operations. Last time I was in that situation, I had roughly 25,000 domains spread across 30 servers. Life became MUCH simpler when I put up dedicated, and high-power, physical systems running non-recursive BIND for DNS1 and DNS2, as well as another pair of boxes running recursive servers as DNS3 and DNS4.
>
> Getting QMail and Exim to "smart host" to my monster MX servers proved to be pretty easy, and I even was able to get the web servers to tell me when a mailbox was full so I could reject the SMTP exchange at the edge, instead of generating backscatter.
>
> And, with a pool of roughly 4,000 IP addresses, I got rid of ARP storms in our network by putting up a little server called "ackbar", that was configured to respond to all otherwise unused IP addresses in our pool. (Edge routers were Cisco 7000 class, with DS3 uplinks.)
>
> Lessons learned well.
>
> -------- Forwarded Message --------
> Subject: Re: problems sending to prodigy.net hosted email
> Date: Mon, 19 Mar 2018 17:55:33 +0100
> From: Chris <chris2...@postbox.xyz>
> To: C. Jon Larsen <jlar...@richweb.com>
> CC: nanog@nanog.org
>
> On Mon, 19 Mar 2018 11:56:16 -0400 (EDT) C. Jon Larsen wrote:
>
>> > Why not? Never had a problem with multiple services on linux, in contrast to windows where every service requires its own box (or at least vm).
>>
>> Go for it ! Failure is an awesome teacher :)
>
> Don't really see a problem, especially since you normally always have two DNS servers...
>
> --
> Pope Francis calls for a fight against fake news. We think the man who claims to be the representative of Christ, of whom he asserts that his mother remained a virgin all her life and that he could walk on water and turn it into wine, is completely right.
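The "ackbar" approach Stephen describes (bind every unallocated pool address to one sink host's interface so the router gets a single ARP answer, and unbind any address that later gets allocated) as an added example; this is not code from the thread, and the pool, allocation list, device name and the use of `ip addr add/del` with /32 prefixes are assumptions.

```python
#!/usr/bin/env python3
"""Plan interface changes for an ARP-sink host ("ackbar" style).

Given the provider's pool, the allocation database's list of in-use
addresses and the addresses currently bound to the sink's interface,
compute which addresses to add and which to remove so the sink holds
exactly the usable-but-unallocated set.
"""
import ipaddress
from typing import Iterable, List, Tuple


def plan_sink_changes(pool_cidr: str, allocated: Iterable[str],
                      bound: Iterable[str], dev: str = "eth0"
                      ) -> Tuple[List[str], List[str]]:
    """Return (add_commands, del_commands) as shell command strings."""
    pool = ipaddress.ip_network(pool_cidr, strict=True)
    # Never bind the network or broadcast address of the pool.
    usable = set(pool.hosts())
    in_use = {ipaddress.ip_address(a) for a in allocated}
    # Ignore bound addresses of another family (e.g. v6 on a v4 pool).
    cur = {ipaddress.ip_address(b) for b in bound}
    cur = {b for b in cur if b.version == pool.version}
    # The sink should answer for every usable address nobody owns.
    target = usable - in_use
    # /32 avoids installing an on-link route for the whole pool once per
    # address; the kernel answers ARP for any address on the interface.
    adds = [f"ip addr add {ip}/32 dev {dev}" for ip in sorted(target - cur)]
    # Anything bound that is now allocated (or outside the pool) goes away.
    dels = [f"ip addr del {ip}/32 dev {dev}" for ip in sorted(cur - target)]
    return adds, dels


if __name__ == "__main__":
    # Constructed sample data: a /29 pool, two allocated hosts, and a sink
    # that still holds one address that has since been allocated (.3) plus
    # one stale address outside the pool (.9).
    adds, dels = plan_sink_changes(
        "192.0.2.0/29",
        allocated=["192.0.2.1", "192.0.2.3"],
        bound=["192.0.2.2", "192.0.2.3", "192.0.2.9"],
        dev="eth1",
    )
    print("\n".join(dels + adds))
```

Run the printed commands from cron after each allocation-database change; the router's ARP cache then holds a single, stable IP->MAC entry for every unused address instead of repeating unanswered requests.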