mercutio: yeah, i can't type all those letters with both shift keys pressed bad keyboard
brycec: our router won't let traffic leave that is not from the vlan subnet; so no spoofing
up_the_irons: yeah I figured.
mercutio: any request dns attacks? but user said that traffic was leaving with the proper (vlan) ip *shrug*
mnathani: yes, i believe so. my *.arpnetworks.com wildcard cert is on different servers.
brycec: yeah, *shrug* something wrong on his setup, b/c we use OpenVPN ourselves and many other customers do as well I do too cool
up_the_irons: host -t any arpnetworks.com 4.2.2.2 type attacks what they do is find open recursive servers and spam them with any requests for legitimate domains the recursive servers then keep hitting you again and again with any request for a valid domain name hitting authoritative server luckily, it seemed to stop, and not last too long he may not have been natting his vpn traffic
up_the_irons: ... well i've started shifting to blocking all port 53 unless needed to somewhere i've generally been of the limited firewall mindset. ie "allow most things, don't get in the way constantly" that said i also block port 445 :) as soon as you're forwarding for lots of addresses though, constant port hits show up a bit more
mercutio: yeah we can't block port 53 on our dns cuz that's in heavy use :)
up_the_irons: yeh, i understand, i'm running dns on vm myself :) in multiple locations mind you.
up_the_irons: do you block unused ips? wee tracing to 174.136.111.255 loops for instance that being a broadcast address normally... cos like when ip probes hit... things like that can loop a bit too
mercutio: no blocking for unused IPs it was only 2 megabit or something of traffic about 12 hours ago or so for a few hours but sustained but that could add up, if it lasted a long time but for some reason, if your domain gets included it'll get hit reasonably often over time from random ips.
and any requests are meant to give more response than how much data sent i think they're spoofing and trying to hit the person doing the query err that it masquerades as hello busy here, I see (!) it's quiet... too quiet. :) LOUD NOISES loud? LOUD! LOUD? :) super-caps? papyrus caps because... well... that font rocks never heard of it i use consolas ooooh, so my client doesn't beep on new messages it seems :-) heh that's a good thing? :) not sure yet. it may be configurable..... just waiting on my new arpnetworks vps! .... they aren't late - I'm just impatient! :) ah well, 3.00am here, may as well try again tomorrow good night/evening/morning whatever! lol super-caps, to be even louder than "LOUD"... somehow