Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

2009-01-30 Thread Crist Clark
>>> On 1/24/2009 at 4:50 PM, Brian Keefer wrote:
> Caveat: my PERL is _terrible_.
>
> http://www.smtps.net/pub/dns-amp-watch.pl
>
> This assumes you're using BIND. My logs roll on the hour, so I run it
> from cron at 1 minute before the hour. Depending on how long it takes
> to process y

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

2009-01-27 Thread Brian Keefer
and just now it changed to 64.57.246.146. Interestingly, the IP changed within minutes of me posting to NANOG. -- bk On Jan 27, 2009, at 6:34 AM, Brian Keefer wrote: There's another new IP: 67.192.144.0 . Initially (around 2AM Pacific) the query rate was 1 per second, but is now down

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

2009-01-27 Thread Brian Keefer
There's another new IP: 67.192.144.0 . Initially (around 2AM Pacific) the query rate was 1 per second, but is now down significantly. -- bk

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

2009-01-25 Thread James Hess
On Sat, Jan 24, 2009 at 9:00 PM, Frank Bulk wrote:
> I would not recommend sucking in your dns log into array, rather, read line
> by line and iterate over the file, line by line.
>
> Frank

True.. reading into an array can get a bit nasty, if your server logs are a few gigabytes in size. Could u

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

2009-01-25 Thread Brian Keefer
On Jan 24, 2009, at 7:00 PM, Frank Bulk wrote: -Original Message- From: Brian Keefer [mailto:ch...@smtps.net] Caveat: my PERL is _terrible_. http://www.smtps.net/pub/dns-amp-watch.pl I would not recommend sucking in your dns log into array, rather, read line by line and iterate o

RE: Tracking the DNS amplification attacks (was: isprime DOS in progress)

2009-01-24 Thread Roger Marquis
Frank Bulk wrote: I would not recommend sucking in your dns log into array, rather, read line by line and iterate over the file, line by line. Agreed. Python and Pytailer are particularly good tools for this application, running as a daemon and implementing

RE: Tracking the DNS amplification attacks (was: isprime DOS in progress)

2009-01-24 Thread Frank Bulk
I would not recommend sucking in your dns log into array, rather, read line by line and iterate over the file, line by line. Frank -Original Message- From: Brian Keefer [mailto:ch...@smtps.net] Sent: Saturday, January 24, 2009 6:50 PM To: nanog@nanog.org Subject: Tracking the DNS amplifi