nanog mailing list archives

Tracking the DNS amplification attacks (was: isprime DOS in progress)

From: Brian Keefer <chort () smtps net>
Date: Sat, 24 Jan 2009 16:50:24 -0800

Caveat:  my PERL is _terrible_.

http://www.smtps.net/pub/dns-amp-watch.pl

This assumes you're using BIND. My logs roll on the hour, so I run itfrom cron at 1 minute before the hour. Depending on how long it takesto process your logs, you might need to tweak.


--
bk
CA cert:  http://www.smtps.net/pub/smtps-dot-net-ca-2.pem

Attachment: smime.p7s
Description:

Current thread:

Re: Are we really this helpless? (Re: isprime DOS in progress), (continued)
- - - Re: Are we really this helpless? (Re: isprime DOS in progress) Jon Kibler (Jan 24)
    - Re: Are we really this helpless? (Re: isprime DOS in progress) Michael Dillon (Jan 24)
    - Re: Are we really this helpless? (Re: isprime DOS in progress) Eugeniu Patrascu (Jan 25)
    - Re: Are we really this helpless? (Re: isprime DOS in progress) Eugeniu Patrascu (Jan 25)
    - Re: Are we really this helpless? (Re: isprime DOS in progress) Brandon Galbraith (Jan 23)
    - Re: Are we really this helpless? (Re: isprime DOS in progress) J.D. Falk (Jan 24)
    - Re: Are we really this helpless? (Re: isprime DOS in progress) Seth Mattinen (Jan 24)
    - RE: Are we really this helpless? (Re: isprime DOS in progress) Frank Bulk (Jan 23)
    - Re: isprime DOS in progress Brian Keefer (Jan 23)
    - Re: isprime DOS in progress Brian Keefer (Jan 24)
    - Tracking the DNS amplification attacks (was: isprime DOS in progress) Brian Keefer (Jan 24)
    - RE: Tracking the DNS amplification attacks (was: isprime DOS in progress) Frank Bulk (Jan 24)
    - Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) Brian Keefer (Jan 25)
    - Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) James Hess (Jan 25)
    - Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) Brian Keefer (Jan 27)
    - Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) Brian Keefer (Jan 27)
    - Re: Tracking the DNS amplification attacks (was: isprime DOS inprogress) Xaver Aerni (Jan 27)
    - Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) Crist Clark (Jan 30)
    - Re: isprime DOS in progress Andrew Fried (Jan 24)
    - Re: isprime DOS in progress Nathan Ollerenshaw (Jan 23)
    - Re: isprime DOS in progress Mark Andrews (Jan 23)

(Thread continues...)