What are these entries in the log file (blocking)

W Sanders wsanders1 at yahoo.com
Tue Jan 27 16:43:33 UTC 2009


The easy way to block people trying to DoS you, without needing a firewall, is to just null route their IP: "add route 1.2.3.4 127.0.0.1". Of course this blocks ALL traffic from that IP, but in most cases the IP trying to DoS you is someone you don't care about anyway. If you have an authoritative server, this has the side effect of blocking them from getting any DNS about your domain - USUALLY a good thing. 

Remember to remove the route after a while (in Unix with an "at" job) so a year from now you or another sysadmin isn't completely confused - the routing table on a server isn't exactly the first thing one looks at.

You can also write a script that grabs these IPs out of the syslog and automatically null routes them. Call it "intrusion detection" if you will. 

-w
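The script idea from the post above, as an added example that is not part of the original message: it counts denied-query lines per client in BIND syslog output and builds, without running them, a null-route command plus the `at` job that removes the route later. The log-line shape, the threshold, the allowlist and the Linux `ip route ... blackhole` form (used here in place of the post's route to 127.0.0.1) are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not from the post); this log shape is an assumption.
SAMPLE_LOG = """\
Jan 27 16:40:01 ns1 named[1234]: client 192.0.2.10#53211: query (cache) './NS/IN' denied
Jan 27 16:40:01 ns1 named[1234]: client 192.0.2.10#53212: query (cache) './NS/IN' denied
Jan 27 16:40:02 ns1 named[1234]: client 192.0.2.10#53213: query (cache) './NS/IN' denied
Jan 27 16:40:02 ns1 named[1234]: client 198.51.100.7#40000: query (cache) 'example.com/A/IN' denied
Jan 27 16:40:03 ns1 named[1234]: client 203.0.113.5#1025: view ext: query (cache) './NS/IN' denied
Jan 27 16:40:03 ns1 named[1234]: client 203.0.113.5#1026: view ext: query (cache) './NS/IN' denied
Jan 27 16:40:04 ns1 named[1234]: client 203.0.113.5#1027: view ext: query (cache) './NS/IN' denied
Jan 27 16:40:05 ns1 sshd[999]: client 192.0.2.99#1: query denied
""".splitlines()

DENIED = re.compile(r"\bnamed\[\d+\]: client (?:@\S+ )?(\S+?)#\d+.*\bdenied\b")

def offenders(lines, threshold=3, allow=()):
    """IPs with at least `threshold` denied queries, minus allowlisted networks."""
    nets = [ipaddress.ip_network(a) for a in allow]
    hits = Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # drop anything that is not an IP
        except ValueError:
            continue
        # Source addresses can be forged: never route away loopback or trusted ranges.
        if ip.is_loopback or any(ip in n for n in nets):
            continue
        hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)

def plan(ip, hours=24):
    """Build (not run) the null-route command and the `at` job that undoes it."""
    addr = ipaddress.ip_address(ip)  # re-validate before it reaches a command line
    target = f"{addr}/{addr.max_prefixlen}"
    add = f"ip -{addr.version} route add blackhole {target}"
    undo = f"echo 'ip -{addr.version} route del blackhole {target}' | at now + {int(hours)} hours"
    return add, undo

if __name__ == "__main__":
    for bad in offenders(SAMPLE_LOG, allow=["203.0.113.0/24"]):
        for cmd in plan(bad):
            print(cmd)
```

Put your own resolvers, secondaries and monitoring hosts in `allow` before letting anything like this act on its output.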




      


