Re: denied NS/IN

2009-01-23 Thread Nathan Ollerenshaw
On 24/01/2009, at 9:57 AM, Mark Andrews wrote: You you don't also have blessed silence on the counters on this rule there is still a problem and you should be complaining to whoever is sending the packets to you. This just stops the amplification it doesn't clea

Re: denied NS/IN

2009-01-23 Thread Mark Andrews
In message , Nathan Ollerenshaw writes: > On 21/01/2009, at 10:40 AM, Scott Haneda wrote: > > > Hello, looking at my logs today, I am getting hammered with these: > > 20-Jan-2009 15:39:06.284 security: info: client 66.230.160.1#48517: > > query (cache) './NS/IN' denied > > 20-Jan-2009 15:39:06

Re: denied NS/IN

2009-01-23 Thread Nathan Ollerenshaw
On 21/01/2009, at 10:40 AM, Scott Haneda wrote: Hello, looking at my logs today, I am getting hammered with these: 20-Jan-2009 15:39:06.284 security: info: client 66.230.160.1#48517: query (cache) './NS/IN' denied 20-Jan-2009 15:39:06.790 security: info: client 66.230.128.15#31593: query (ca

Re: denied NS/IN

2009-01-22 Thread Sam Wilson
In article , Mark Andrews wrote: > In message , Scott Haneda writes: > > > Is BCP 38 really as solid and plug and play as it sounds? In a > > shared, or colo'd environment, can that ISP really deploy something > > like this, without it causing trouble for those that assume unfettered

Re: denied NS/IN

2009-01-22 Thread Niall O'Reilly
On Thu, 2009-01-22 at 10:25 +1100, Mark Andrews wrote: > One way to test is to have a test box that sends spoofed traffic > to a machine you control. Thanks, Mark. That tells me pretty well what I needed to know, but hoped not to hear: I have to build my own bot-net. 8-)

Re: denied NS/IN

2009-01-21 Thread Mark Andrews
In message <1232561124.6369.187.ca...@d410-heron>, "Niall O'Reilly" writes: > On Wed, 2009-01-21 at 12:44 +1100, Mark Andrews wrote: > > You should talk to your ISP to chase the traffic back to > > its source and get BCP 38 implemented there. BCP 38 is ~10 > > years old no

Re: denied NS/IN

2009-01-21 Thread Niall O'Reilly
On Wed, 2009-01-21 at 12:44 +1100, Mark Andrews wrote: > You should talk to your ISP to chase the traffic back to > its source and get BCP 38 implemented there. BCP 38 is ~10 > years old now. There is no excuse for not filtering spoofed > traffic. Absolute

Re: denied NS/IN

2009-01-21 Thread Matus UHLAR - fantomas
On 20.01.09 17:52, Frank Bulk wrote: > That's being discussed on NANOG, here's one thread: > http://markmail.org/message/ydiqnztzmz5qmusf > > See here for more details in blocking them: > http://www.cymru.com/Documents/secure-bind-template.html > specifically: > > blackhole { > // Den

Re: denied NS/IN

2009-01-20 Thread Mark Andrews
In message , Scott Haneda writes: > On Jan 20, 2009, at 5:44 PM, Mark Andrews wrote: > > > In message <232b45f8-acd3-427a-95e9-bc3ca5fc9...@newgeo.com>, Scott > > Haneda writes: > >> Hello, looking at my logs today, I am getting hammered with these: > >> 20-Jan-2009 15:39:06.284 security:

Re: denied NS/IN

2009-01-20 Thread Scott Haneda
On Jan 20, 2009, at 5:44 PM, Mark Andrews wrote: In message <232b45f8-acd3-427a-95e9-bc3ca5fc9...@newgeo.com>, Scott Haneda writes: Hello, looking at my logs today, I am getting hammered with these: 20-Jan-2009 15:39:06.284 security: info: client 66.230.160.1#48517: query (cache) './NS/IN' d

Re: denied NS/IN

2009-01-20 Thread Mark Andrews
In message <232b45f8-acd3-427a-95e9-bc3ca5fc9...@newgeo.com>, Scott Haneda writes: > Hello, looking at my logs today, I am getting hammered with these: > 20-Jan-2009 15:39:06.284 security: info: client 66.230.160.1#48517: > query (cache) './NS/IN' denied > 20-Jan-2009 15:39:06.790 security: inf

RE: denied NS/IN

2009-01-20 Thread Frank Bulk
M To: frnk...@iname.com Cc: BIND Users Mailing List Subject: Re: denied NS/IN On Jan 20, 2009, at 3:52 PM, Frank Bulk wrote: > That's being discussed on NANOG, here's one thread: > http://markmail.org/message/ydiqnztzmz5qmusf > > See here for more details in blocking them:

Re: denied NS/IN

2009-01-20 Thread Scott Haneda
On Jan 20, 2009, at 3:52 PM, Frank Bulk wrote: That's being discussed on NANOG, here's one thread: http://markmail.org/message/ydiqnztzmz5qmusf See here for more details in blocking them: http://www.cymru.com/Documents/secure-bind-template.html specifically: blackhole { // Deny anyth

RE: denied NS/IN

2009-01-20 Thread Frank Bulk
20, 2009 5:41 PM To: BIND Users Mailing List Subject: denied NS/IN Hello, looking at my logs today, I am getting hammered with these: 20-Jan-2009 15:39:06.284 security: info: client 66.230.160.1#48517: query (cache) './NS/IN' denied 20-Jan-2009 15:39:06.790 security: info: client 66.

denied NS/IN

2009-01-20 Thread Scott Haneda
Hello, looking at my logs today, I am getting hammered with these: 20-Jan-2009 15:39:06.284 security: info: client 66.230.160.1#48517: query (cache) './NS/IN' denied 20-Jan-2009 15:39:06.790 security: info: client 66.230.128.15#31593: query (cache) './NS/IN' denied Repeated over and over, ho