Regular readers of this list may be amused to know that since this message hit the list I have been subject to sustained attempts to attack my host using the udp flood thingy (and other methods) from many different source addresses. Before I got bored, I logged more than 500 unique source addresses in less than an hour. I have also been subjected to several port scans, some of whom forged the addresses of some of the icann root nameservers as the source addresses of their packets[1]. This attack has given me the perfect chance to test out my firewall rules "in anger", and has shown that the udp rate limiter detailed in my previous message works perfectly (although I have made some tweaks since the original posting that have improved its performance further). I'd like to thank those who helped me test my firewall for their interest, but the box is still perfectly usable and I'd appreciate it if they could turn their attentions elsewhere. Thanks Sean [1]I don't use the ICANN root, so I don't contact the rsc root servers very often as you might imagine.
This archive was generated by hypermail 2b30 : Sat Jul 28 2001 - 18:46:09 PDT