On Tue, 23 Sep 2003, Edward Yardley wrote:

heh, this could always be an option :-P ip route 64.94.110.11 255.255.255.255 null0

Doesn't help with the wildcarded DNS though... -- Juha Saarinen

"Edward Yardley" wrote:

...

heh, this could always be an option :-P ip route 64.94.110.11 255.255.255.255 null0

*Please* don't do that.

That doesn't get rid of the bogus A record; it just turns an attempt to connect to Verisign into a looong wait while the connection times out.

Exactly.... and think of all the mis-addressed mail stuck in the outgoing mail queue that won't even report a temporary failure for hours, let alone bounce in a timely fashion... Hopefully not too many have resorted to the knee-jerk reaction of blackholing the ip address, although I have to wonder from the various mailing lists I read.... :/ Regards, Simon

On Tue, 23 Sep 2003, David Clarke wrote:

I swapped over ICONZ's servers to 9.2.3rc4 and put in the requisite delegation-only entries today. Would have done so earlier but the rc2 was giving false positives and the hack for 8.4.1 was slow to return NXDOMAIN for some reason (which I admittedly didn't look into).

Oh, you removed those patches? Okay, ICONZ _DID_ patch against it the same day, but if the patches were dodgy, perhaps we should have waited. My own personal DNS servers are unpatched, as I've been testing exactly how much these poisoned entries break stuff, and what stuff that might be. JSR -- John S Russell | Big Geek | Doing geek stuff.

On Tue, Sep 23, 2003 at 07:35:31PM -0700, Pipes wrote:

FYI,

monkeys.com DNSBL is gone and not coming back. This is the result of a massive DDoS attack on their network.

I know it may have been asked before, but are there any local .nz DNSBL's hanging around?

Cheers,

Yep, I disabled proxies.relays.monkeys.com this morning. Now I have got my first CacheFlowServer@ proxied UBE in a long time. I find it perplexing that there are organizations out there which can afford CacheFlow prices yet can't afford administrators with a clue. Hopefully there is some software out there somewhere that can be used as the basis of a new proxy blacklist without reinventing the wheel. It looks like the existing public access blacklists are systematically being blasted one by one. Regards, RH. -- Friends don't let friends do Windows(tm).

Wonder if something simular to the F-root server setup would work. With local mirrors in each country with the same ip. Barry ----- Original Message ----- From: "Hamish MacEwan" To: Sent: Wednesday, September 24, 2003 10:03 PM Subject: Re: [nznog] Monkies.com

On Wed, Sep 24, 2003 at 15:23 +1200, richard(a)kcbbs.gen.nz wrote:

...

Hopefully there is some software out there somewhere that can be used as the basis of a new proxy blacklist without reinventing the wheel. It looks like the existing public access blacklists are systematically being blasted one by one.

Would a distributed service be the best way to avoid the DDoS peril? Does any such software exist?

...

Regards, RH.

Hamish.

-- Space isn't remote at all. It's only an hour's drive away if your car could go straight upwards. --Fred Hoyle _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

FYI,

monkeys.com DNSBL is gone and not coming back. This is the result of a massive DDoS attack on their network.

And since its a .com domain, presumably if/when the domain becomes unregistered or undelegated, good 'ol verisign will start returning their webserver ip address for all lookups, magically making the DNSBL "spring to life" again but blacklisting everyone :) (as happened with ORBS recently with SpamAssassin) For those that havn't patched their DNS servers yet, anyway... Regards, Simon