[ratelimits] Rate limiting now seen in messages sent to abuse

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Feb 14 09:24:08 UTC 2013


We (abuse at nic.fr) received a message about an attack using one of our
name servers and I note a new feature in the message sent by the
victim:

[...]

Please investigate for abusive users and compromised servers. Common points of abuse include:

port 7  (echo) - This port should be blocked from the public.
port 19 (chargen) - This is commonly seen on printers. This port should be blocked from the public.
port 53 (DNS) - DNS servers should rate limit requests per IP to 100 per minute or lower. For BIND9
see this patch http://www.redbarn.org/dns/ratelimits
UDP game servers like Call of Duty - Patches should be available to limit requests per IP.

[...]

----- End forwarded message -----

