nanog mailing list archives
RE: Tracking the DNS amplification attacks (was: isprime DOS in progress)
From: "Frank Bulk" <frnkblk () iname com>
Date: Sat, 24 Jan 2009 21:00:53 -0600
I would not recommend sucking in your dns log into array, rather, read line by line and iterate over the file, line by line. Frank -----Original Message----- From: Brian Keefer [mailto:chort () smtps net] Sent: Saturday, January 24, 2009 6:50 PM To: nanog () nanog org Subject: Tracking the DNS amplification attacks (was: isprime DOS in progress) Caveat: my PERL is _terrible_. http://www.smtps.net/pub/dns-amp-watch.pl This assumes you're using BIND. My logs roll on the hour, so I run it from cron at 1 minute before the hour. Depending on how long it takes to process your logs, you might need to tweak. -- bk CA cert: http://www.smtps.net/pub/smtps-dot-net-ca-2.pem
Current thread:
- Re: Are we really this helpless? (Re: isprime DOS in progress), (continued)
- Re: Are we really this helpless? (Re: isprime DOS in progress) Michael Dillon (Jan 24)
- Re: Are we really this helpless? (Re: isprime DOS in progress) Eugeniu Patrascu (Jan 25)
- Re: Are we really this helpless? (Re: isprime DOS in progress) Eugeniu Patrascu (Jan 25)
- Re: Are we really this helpless? (Re: isprime DOS in progress) Brandon Galbraith (Jan 23)
- Re: Are we really this helpless? (Re: isprime DOS in progress) J.D. Falk (Jan 24)
- Re: Are we really this helpless? (Re: isprime DOS in progress) Seth Mattinen (Jan 24)
- RE: Are we really this helpless? (Re: isprime DOS in progress) Frank Bulk (Jan 23)
- Re: isprime DOS in progress Brian Keefer (Jan 23)
- Re: isprime DOS in progress Brian Keefer (Jan 24)
- Tracking the DNS amplification attacks (was: isprime DOS in progress) Brian Keefer (Jan 24)
- RE: Tracking the DNS amplification attacks (was: isprime DOS in progress) Frank Bulk (Jan 24)
- Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) Brian Keefer (Jan 25)
- Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) James Hess (Jan 25)
- Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) Brian Keefer (Jan 27)
- Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) Brian Keefer (Jan 27)
- Re: Tracking the DNS amplification attacks (was: isprime DOS inprogress) Xaver Aerni (Jan 27)
- Re: Tracking the DNS amplification attacks (was: isprime DOS in progress) Crist Clark (Jan 30)
- Re: isprime DOS in progress Andrew Fried (Jan 24)
- Re: isprime DOS in progress Nathan Ollerenshaw (Jan 23)
- Re: isprime DOS in progress Mark Andrews (Jan 23)
- Re: isprime DOS in progress David Andersen (Jan 25)