Security Incidents mailing list archives
DoS attack... what to do?
From: Nigel Kukard <nkukard () lbsd net>
Date: Tue, 04 Jan 2005 19:41:19 +0000
Hi Guys, Here is the situation...I have a dedicated server at ISP X, about 1 week after I signed up for the service I received a DoS attack against my DNS service... the attack came from over 10,000 IP addresses and tried to resolve the following domain names...
leet.nexhost.org ns1.nexhost.org ns2.nexhost.org floop.m33pm33p.info irc.k1hosting.net b0tn3t.elite-coders.orgI thought i would be clever and changed root.cache on my named service to resolve all dns queries to 127.0.0.1, this seems to of worked for about 1hr. Next I get even more attacks on port 5556 which I don't even use and basically by default drop everything to that port.
I have sent off abuse reports for over 10,000 IP's, grouping them by ISP and sending 1 email per ISP.....
What to do? I've got a constant 200Kbps of traffic, and its kinda bugging me...
Any help would greatly be appreciated. (btw, netsky.V uses port 5556) Regards Nigel Kukard
Current thread:
- DoS attack... what to do? Nigel Kukard (Jan 04)
- Re: DoS attack... what to do? falcon (Jan 04)
- Re: DoS attack... what to do? Faisal Khan (Jan 04)
- Re: DoS attack... what to do? Mark C (Jan 04)
- Re: DoS attack... what to do? Bernie Cosell (Jan 04)
- Re: DoS attack... what to do? Jose Nazario (Jan 05)
- Re: DoS attack... what to do? Bernie Cosell (Jan 04)
- <Possible follow-ups>
- RE: DoS attack... what to do? Shaffer, Bruce (Jan 04)
- Re: DoS attack... what to do? Steve Friedl (Jan 04)
- RE: DoS attack... what to do? Craig Skelton (Jan 05)
- Re: DoS attack... what to do? Alvin Oga (Jan 05)
- Re: DoS attack... what to do? Valdis . Kletnieks (Jan 07)
- Re: DoS attack... what to do? Steve Friedl (Jan 04)