25 Jan 2009, 3 a.m.
I would not recommend sucking in your dns log into an array, rather, read line by line and iterate over the file, line by line.

Frank

-----Original Message-----
From: Brian Keefer [mailto:chort@smtps.net]
Sent: Saturday, January 24, 2009 6:50 PM
To: nanog@nanog.org
Subject: Tracking the DNS amplification attacks (was: isprime DOS in progress)

Caveat: my PERL is _terrible_.

http://www.smtps.net/pub/dns-amp-watch.pl

This assumes you're using BIND. My logs roll on the hour, so I run it from cron at 1 minute before the hour. Depending on how long it takes to process your logs, you might need to tweak.

--
bk
CA cert: http://www.smtps.net/pub/smtps-dot-net-ca-2.pem
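
The line-by-line approach suggested in the reply, as an added example (this is not the linked dns-amp-watch.pl and not code from either poster). The query-log line shape, the `count_queries` helper, the threshold and the sample log lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed BIND 9 query-log line shape (not taken from the thread):
#   24-Jan-2009 18:02:11.101 queries: info: client 192.0.2.10#53124: query: . IN NS +
my $QUERY_RE = qr/client ([0-9a-fA-F.:]+)#\d+: (?:view \S+: )?query: (\S+) IN (\S+)/;

# Hypothetical helper: returns a hash ref of "client name type" => count.
# Memory use grows with the number of distinct keys, not with the log size.
sub count_queries {
    my ($fh) = @_;
    my %count;
    while (my $line = <$fh>) {          # only one line is held at a time
        next unless $line =~ $QUERY_RE; # skip non-query log lines
        $count{"$1 $2 $3"}++;
    }
    return \%count;
}

# Constructed sample lines (documentation addresses), used when no file is given.
my $sample = <<'LOG';
24-Jan-2009 18:02:11.101 queries: info: client 192.0.2.10#53124: query: . IN NS +
24-Jan-2009 18:02:11.140 queries: info: client 192.0.2.10#40211: query: . IN NS +
24-Jan-2009 18:02:11.302 queries: info: client 198.51.100.7#33010: query: example.com IN A +
24-Jan-2009 18:02:11.377 general: info: zone example.com/IN: loaded serial 2009012401
24-Jan-2009 18:02:11.415 queries: info: client 192.0.2.10#18830: query: . IN NS +
24-Jan-2009 18:02:11.598 queries: info: client 192.0.2.10#61002: query: . IN NS +
LOG

my $fh;
if (@ARGV) {
    open($fh, '<', $ARGV[0]) or die "cannot open $ARGV[0]: $!";
} else {
    open($fh, '<', \$sample) or die "cannot open sample data: $!";
}
my $count = count_queries($fh);
close($fh);

my $threshold = 3;    # assumed cut-off for "repeated identical query"
for my $key (sort { $count->{$b} <=> $count->{$a} or $a cmp $b } keys %$count) {
    next if $count->{$key} < $threshold;
    printf "%6d  %s\n", $count->{$key}, $key;
}
```

Run with a log path as the first argument to process a real file; with no argument it reads the embedded sample.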