<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi Will,<br>
<br>
we did this with fail2ban.<br>
We grepped the bad requests, took a pattern and let fail2ban ban
all ip with this pattern.<br>
This workes fine for us.<br>
<br>
Dirk<br>
<br>
Am 18.03.2013 12:00, schrieb Will Nordmeyer:<br>
</div>
<blockquote
cite="mid:f9a59cc588218cce56b6c9b240f4e3d4@wnahosting.com"
type="cite">
<p>Last night (actually over the past few days), my server has
been hammered with DNS requests (to the tune of about 5 Mb/sec
bandwidth, 6 IPs, 10-20 connections, thousands of requests)...
Is there a way for bfd/apf or another tool to monitor for this
and add the offending servers to either deny_hosts.rules or
iptables?</p>
<p>--Will</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Blueonyx mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a>
<a class="moz-txt-link-freetext" href="http://mail.blueonyx.it/mailman/listinfo/blueonyx">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Dirk Jessel
BB-ONE.net - BX/BQ-VPS-Hosting in Berlin
Support-Team
-----------------------------------------------------------------------
Internetpartner der Wirtschaft
Web: <a class="moz-txt-link-abbreviated" href="http://www.bb-one.net">www.bb-one.net</a>
eMail: <a class="moz-txt-link-abbreviated" href="mailto:support@bb-one.net">support@bb-one.net</a>
Fon: +49 30 22 49 46 30
BB-ONE.net Ltd.
Niederlassung Berlin
13439 Berlin
Borgsdorfer Strasse 30
USt-IdNr. DE188018781
Amtsgericht Berlin-Charlottenburg, HRB 104629
Geschäftsführer Uwe Stache
-----------------------------------------------------------------------</pre>
</body>
</html>