Sunday, February 22, 2009

In which Pigpen is attacked by Russian bandits

Pigpen, my Linux server, is a small former desktop workstation, way underpowered but still more moxie than I ordinarily need. Yesterday it was acting funny, so I rebooted it. That made it worse. Couldn't get the Gnome UI to come up. It was down for two hours while I fretted.

I considered hitting the hard reset button, but I don't like to do that if I can avoid it. I tried Ctrl-Alt-different keys and accidentally got it to resume its startup sequence. So the daemons were functioning, just couldn't get graphics. No big deal.

Syslog revealed that someone in Russia, or maybe in Luxembourg, was hammering my nameserver daemon with random cache poisoning attempts from IP 62.109.4.89, over 65,000 DNS queries per day. That was enough to slow down all the other processes. It started at 17:43:40 on 2/17 and continued until I took the server down at 13:19:19 on 2/21.

As the internet was built upon mutual trust among like-minded techies, a lot of conventions were adopted that relied on that trust. Spammers were the first to take advantage of it, and now, black hats abound. Just like squirrels at a bird feeder, they see an opportunity to use a public facility for other than its intended purpose. That's a crime, but it's hard to catch the bad guys and impossible to prevent their misbehavior.

So my router is now dropping all traffic coming from 62.109.0.0/20. I suppose there's a more thorough way to solve the problem, but this one is a start. The myriad Russian viewers of this site will no doubt be heartbroken.
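The tallying that syslog let me do by eye, as an added example that is not code from this post: it counts named query lines per client address over a few constructed sample lines, flags the busiest clients, and checks whether an address falls inside the 62.109.0.0/20 range the router drops. The log line layout, hostname and process IDs are assumptions, not captured from Pigpen.

```python
"""Count DNS queries per client in named/syslog lines and check the block range.

Added example. The lines below are constructed in the shape BIND writes with
query logging on; the field layout is an assumption, adjust QUERY_RE if needed.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines (not real data from the server in the post).
SAMPLE_LOG = """\
Feb 17 17:43:40 pigpen named[2231]: client 62.109.4.89#41023: query: kxq1.example IN A +
Feb 17 17:43:40 pigpen named[2231]: client 62.109.4.89#41024: query: b7zz.example IN A +
Feb 17 17:43:41 pigpen named[2231]: client 192.168.1.20#53110: query: www.example.org IN A +
Feb 17 17:43:41 pigpen named[2231]: client 62.109.4.89#41025: query: p0qr.example IN A +
Feb 17 17:43:42 pigpen sshd[2290]: Accepted publickey for dave from 192.168.1.20 port 50122
Feb 17 17:43:42 pigpen named[2231]: client 62.109.4.89#41026: query: m3nw.example IN A +
"""

# Pulls the client address out of a named query line; other daemons' lines are skipped.
QUERY_RE = re.compile(r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: ")


def count_queries_by_client(log_text):
    """Return a Counter of query count per client IP from named query lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def noisy_clients(counts, threshold):
    """Return client IPs with at least `threshold` queries, busiest first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]


def in_block(ip, cidr):
    """True if the address falls inside the CIDR range a router rule would drop."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


if __name__ == "__main__":
    counts = count_queries_by_client(SAMPLE_LOG)
    for ip in noisy_clients(counts, threshold=3):
        print(f"{ip}: {counts[ip]} queries, in 62.109.0.0/20: {in_block(ip, '62.109.0.0/20')}")
```

On a real log the threshold would be set against a day's worth of lines rather than the four here, and the same CIDR check tells you whether a new noisy source is already covered by the existing drop rule.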
