[dns-operations] DDoS attack data collection
steve at ibctech.ca
Wed Jan 28 03:01:16 UTC 2009
Duane Wessels wrote:
> OARC is coordinating collection of data that could help security
> researchers better understand this attack. If you are willing to
> help out by sending us some packet captures, please consider running
> the shell script found on our web page: https://www.dns-oarc.net/node/171
I see this traffic pattern to IP addresses of machines that have not
been active DNS-wise for months, if not years. I also have single-homed
clients that have DNS servers, who are iffy-at-best to get a hold of at
times, so I can't run the script on all DNS servers under my control.
Being a very small ISP, with only two Internet connections, would it be
helpful if I ran this on my border routers/IDSs for all traffic ingress
to my entire /21?
For approximately 60 seconds I did let it run on one of my border
routers (FBSD running Quagga), and it sent six pcaps.
Is this advisable/helpful?