I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. My two cents. -- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Look for us at HostingCon 2009 in Washington, DC on August 10th - 12th at Booth #401. On Fri, Jan 23, 2009 at 9:05 PM, Seth Mattinen <sethm@rollernet.us> wrote:
Noel Butler wrote:
On Sat, 2009-01-24 at 07:21, Chris McDonald wrote:
We [AS3491] null0'd the IP earlier. Rest-of-world encouraged to do the same :/
Wrong approach, they are *innocent* in this as are the new targets.
insert into your favourite acl: deny udp host 66.230.160.1 neq 53 any eq 53 deny udp host 66.230.128.15 neq 53 any eq 53
But it's much less work to add a filter on the name server as others have mentioned.
Having the world trying to keep up with ACL entries seems futile. Is there really nothing to be done about this? (Yes, I know, BCP38, but obviously the accomplice providers don't care.)
~Seth