From owner-freebsd-questions@FreeBSD.ORG  Mon Apr  1 05:02:25 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 22806656
 for <freebsd-questions@freebsd.org>; Mon,  1 Apr 2013 05:02:25 +0000 (UTC)
 (envelope-from kudzu@tenebras.com)
Received: from mail-ob0-x230.google.com (mail-ob0-x230.google.com
 [IPv6:2607:f8b0:4003:c01::230])
 by mx1.freebsd.org (Postfix) with ESMTP id E8302872
 for <freebsd-questions@freebsd.org>; Mon,  1 Apr 2013 05:02:24 +0000 (UTC)
Received: by mail-ob0-f176.google.com with SMTP id er7so1607728obc.35
 for <freebsd-questions@freebsd.org>; Sun, 31 Mar 2013 22:02:24 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=mime-version:x-received:in-reply-to:references:date:message-id
 :subject:from:to:cc:content-type:x-gm-message-state;
 bh=zbdRRsLQHgtMRBhLqF/WFGK9OzNxrQn5NkqPi/nApA0=;
 b=lSAx+dfXjAkvvoGskNlyQ5f94NlmBmrsLP6E0Vf+FE6zWJJ0T42qT7wb8Age1xGyIu
 Q06M/SOwoBiv30Q72RLucxTaCbsbxACw2uaNZVVLMjThDyOTYjwDm9eBUQjZFTkSDLSs
 Z4U+gIJTx3OHGFFK6BuQi8pf/URg1lYY8vJpfa1+yYqoTgTpIxbrF829u5OyGn13BgMX
 63UMYaLU/4E/wh8em1rv8GNWuPPRD9oQUVFkNCIpWyzDhb6A20MTy25DfBXoHmLMlbCn
 K3q5EPibXr3OS+L0uM+mfOM+4QwEblRbyNJnlOkk500JxTTWSYhQiQYWwxmpqN6tgIIA
 9ROw==
MIME-Version: 1.0
X-Received: by 10.60.50.102 with SMTP id b6mr3505190oeo.46.1364792544565; Sun,
 31 Mar 2013 22:02:24 -0700 (PDT)
Received: by 10.60.92.37 with HTTP; Sun, 31 Mar 2013 22:02:24 -0700 (PDT)
In-Reply-To: <kjb321$u1j$1@ger.gmane.org>
References: <049d01ce2e89$c428ab80$4c7a0280$@com> <kjb321$u1j$1@ger.gmane.org>
Date: Sun, 31 Mar 2013 22:02:24 -0700
Message-ID: <CAHu1Y725QYHahwb3Pr7vFPENC_Dqqxv1vfXb-0hzHa9Uj_mahA@mail.gmail.com>
Subject: Re: Problems with IPFW causing failed DNS and FTP sessions
From: Michael Sierchio <kudzu@tenebras.com>
To: nightrecon@hotmail.com
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQlPSesKf2XraQlM6eGV55PTQ8JWwkX9HN3YijG7hd89gB0bCTG1DmVTcY5WhhukbvypJ9ka
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2013 05:02:25 -0000

On Sun, Mar 31, 2013 at 9:39 PM, Michael Powell <nightrecon@hotmail.com> wrote:

> I'm probably not smart enough to be able to help directly with your problem
> but I'd like to add that there is a snowballing DNS Amplification ddos
> attack against SpamHaus going on which is spilling over

Yes, this is very much true.  The ICANN servers are dropping packets
like mad, and many of the .com servers as well.  I am mirroring the
root zone locally to mitigate.

It works to forward DNS to Google's servers (8.8.8.8, 8.8.4.4.) EXCEPT
- they are blocking some net blocks (issuing spurious negative
responses) because of large numbers of nets with hosts in the botnet
participating in the attack.

- M