Wow! I must be really important to some loser with no life out there. My little domain has been the subject of and/or unwitting participant in a Distributed Denial of Service (DDoS) attack using bogus DNS requests, started by some jerk using hundreds of computers with broken (at least, mis-configured) DNS servers.
I’ve made sure that my DNS servers are configured to be non-recursive and, while I’m waiting for the dust to settle, I’ll be constructing rules for my firewall which should mitigate the effects of the DDoS attack until the source is eliminated.
What follows is a list of the IP-addresses currently participating in the DDoS. Sadly, even while I write this, the following have appeared:
If you are running Linux and IPtables, put all of these addresses in a file called “blocklist”, stick it on your firewall server somewhere (the rules below read it from /etc/fw/blocklist), and add a couple of rules like this to your IPtables:
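    # Firewall Builder sets $IPTABLES earlier in its generated script;
    # fall back to iptables from PATH if it is unset.
    IPTABLES="${IPTABLES:-iptables}"

    # Drop packets from blocklisted sources addressed to the firewall itself.
    grep -Ev '^#|^;|^\s*$' /etc/fw/blocklist | while read -r L ; do
        set -- $L; at_blocklist=$1; $IPTABLES -A INPUT -s "$at_blocklist" -j DROP
    done
    # Drop forwarded packets from blocklisted sources, arriving on any interface.
    grep -Ev '^#|^;|^\s*$' /etc/fw/blocklist | while read -r L ; do
        set -- $L; at_blocklist=$1; $IPTABLES -A FORWARD -i + -s "$at_blocklist" -j DROP
    done
    # Drop packets the firewall itself would send to blocklisted addresses.
    grep -Ev '^#|^;|^\s*$' /etc/fw/blocklist | while read -r L ; do
        set -- $L; at_blocklist=$1; $IPTABLES -A OUTPUT -d "$at_blocklist" -j DROP
    done
    # Drop forwarded packets destined for blocklisted addresses, leaving on any interface.
    grep -Ev '^#|^;|^\s*$' /etc/fw/blocklist | while read -r L ; do
        set -- $L; at_blocklist=$1; $IPTABLES -A FORWARD -o + -d "$at_blocklist" -j DROP
    done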
I use Firewall Builder 5 to maintain my firewall and the above is the code it produces for IPtables using a blocklist file.
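The loops above add one rule per address to each chain and hand whatever is in the first field straight to iptables, which will try to resolve a hostname it finds there. As an added example (not from the original post and not Firewall Builder output), the function below validates the same file and emits `ipset restore` input, so a single rule per chain can match the whole list; ipset is a swapped-in technique, and the function name, the set name `blocklist` and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not Firewall Builder output. The function name, the default
# set name "blocklist" and the sample addresses are assumptions.

# Turn a blocklist file into `ipset restore` input: first field of each line,
# strict dotted-quad IPv4 only, duplicates dropped. Returns 1 if any line was
# rejected, so a caller can refuse to load a damaged list.
blocklist_to_ipset() {
    awk -v name="${2:-blocklist}" '
        function valid(ip,    o, i) {
            if (split(ip, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN { print "create " name " hash:ip family inet" }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }   # blank lines and comments
        !valid($1) { print "rejected line " NR ": " $1 > "/dev/stderr"; bad++; next }
        !seen[$1]++ { print "add " name " " $1 }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample (RFC 5737 documentation addresses, one hostname, one typo).
sample=$(mktemp)
printf '%s\n' '# constructed sample' '192.0.2.10' '198.51.100.7 seen twice' \
    '192.0.2.10' 'ns1.example.com' '203.0.113.300' > "$sample"
blocklist_to_ipset "$sample" || echo "blocklist contains rejected lines" >&2
rm -f "$sample"

# Loading it for real (as root) takes one set and one rule per chain:
#   blocklist_to_ipset /etc/fw/blocklist > /tmp/bl.ipset \
#       && ipset -exist restore < /tmp/bl.ipset
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
```

Because the set is matched by name, new addresses can be added with `ipset add` without touching the iptables rules.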
This goes on and on and on. No point in wasting bandwidth displaying it all. You get the idea. I want a piece of this clown when he’s caught and he will be caught too. It’s just a matter of time.
See idiot. You are not winning, in real life, or anywhere else either.
Denied, denied, denied. #fail (read as “pound-fail”) #POS (read as pound-, nah; It’s too messy).