I've been logging what is very obviously an attack directed at some of my DNS servers. My router/IDS has logged hundreds of thousands of these requests in the last 7 days.
The router is reporting the following events in my syslog, which is what initially alerted me to the condition:
IPS-4-SIGNATURE: Sig:4620 Subsig:0 Sev:2 DNS Limited Broadcast Query
My question is, I blackholed the offending source IP address but the events haven't stopped.
Does this mean that the attack is still getting through?