Hi there
after entering to the DNS attack business (as the one who is attacked) i think of the following
Can an access list rule be done that will have rule per gateway subnet on the main AMPRNET ROUTER ?
I mean if I have a 44.138.1.x that i will be able to have rules for my subnet as i want ?
I ask it because the firewall rule i have added to the miKrotiK (thanks a lot to the ham who gave me the correct syntax) does the job but the tunnel to UCSD still flud with incoming DNS attack noise of about 500KB/s (of course that the router block them to pass through but if i could stop this attack before they even enter to the tunnel from UCSD to me)
NB i still dont understand what is the point standing behind UDP flood may someone explain me ?
I can understand telnet ftp ssh web attempt but not DNS flood may someone explain it to me ?
one more point I have talked with a friend of myn which his job include networking he have a Fixed IP connected to Cisco ASA Firewall and he doesn't see any DNS attacks in the logs he saw here and there SIP attempts (i see at the 44 Net here also some UDP sip but it is almost 0 comparing the DNS attack) so it look like the DNS is related more to the AMPRNET and not to regular internet
or maybe this is a coincidence
anyway it is something i havent seen on the AMPRNET network we had 20 years ago
Regards
Ronen - 4Z4ZQ
Ronen Pinchooks (4Z4ZQ) WebSitehttp://www.ronen.org/ www.ronen.org ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com