Search Again: Re: Getting Hammered... From: Bob Minor Date: Thursday, April 1, 2004 Time: 9:43:31 pm Sounds like a primative ddos attack. There are ddos mitigation devices but they can be expensive. An easy way is to kill the attack is to switch the dns record to a dead server or use register.com They can handle the load. They might change the attack though, so you will need to keep an eye on it. One thing that we did when this happened, we blocked all tcp access to that server at the firewall or you can do it at the router. The attack was coming in on the tcp protocol and not the udp, this enabled us to continue to function for dns which uses udp 53. If the domain is not active I would pull your dns servers from be the authority for this domain until such time as you need the domain. On Apr 1, 2004, at 11:21 PM, BJ Cotter wrote: > My primary dns server (3.5.3 under OS 9) is being hammered at 500+ > queries a second for a domain that we host... or at least used to > host... we still hold the dns for a client but the domain is not > really in use. This activity is bringing my server to a standstill. > Are there any suggestions for what I might do to combat this? I have > turned on debug logging and the range of ip addresses reported is very > much random.

Messages In This Thread: Getting Hammered... by BJ Cotter on Apr 1, 2004 at 9:21:56 pm Re: Getting Hammered... by Bob Minor on Apr 1, 2004 at 9:43:31 pm Re: Getting Hammered... by Len Conrad on Apr 1, 2004 at 9:56:58 pm