Re: isprime DOS in progress

[Harald Koch <chk () pobox com>]

Graeme Fowler wrote:
> On Tue, 2009-01-20 at 14:55 -0600, Todd T. Fries forwarded:

> I've been seeing a lot of noise from the latter two addresses after
> switching on query logging (and finishing an application of Team Cymru's
> excellent template) so I decided to DROP traffic from the addresses
> (with source port != 53) at the hosts in question.
>
> Well, blow me down if they didn't completely stop talking to me. Four
> dropped packets each, and they've gone away.
>   

I've seen that behaviour in the past, but not this time?

I've seen a few of these attacks bouncing off my nameservers recently, 
and when I add "DROP" rules to my firewall, the incoming traffic 
disappears soon after. But the most recent set (66.230.160.1 and 
66.230.128.15) are still hammering away...

--
Harald