Those poor guys are under perma DNS Amplifcation DDoS for what seems
to be 2 weeks now.
About 7 days ago they started sending us emails for what is less
than 2MB worth of data (~500 packets) which is about how long it takes
for filters to take effect.
But after 1 week of communication they are not changing their
procedures
When OpenResolver Project was announced, there were about 60 abusable addresses in my corner of the Internet. I was able to get that number down under 20 by asking politely. The NFOserver reports have been a pretty good stick to get the number down below 10.
Well the abusers started to use burst and then switching targeted IP.
Last time I opened a ticket with GT-T/nLayer for a ~120Mbps NTP DDoS
Amplification "attempt" toward 2 of my IP's.
. after 2h, I called them directly to be told they lost my
original request;
. after 4h, got told it wasn't assigned yet;
. after 12h, they finally applied the filter as the amp attempt
stopped;
Based on that experience... why bother.
there are providers that have services to stop this sort of thing,
there is at least one provider that does that stuff for free... you
could vote with your wallet, of course.
To give you an idea, in the past 4 days and 30m queries, I'm up to
1100 blocked targets on one of my DNS Servers.