Partly my fault, I had a recursive DNS server on my network which should have been accepting only authoritative requests - Stupid I know but I had a hardware failure and had to configure this machine up quickly and missed this out.
Anyway, noticed my inbound traffic spike to around 5mbps (constant) and narrowed it down to one host hitting port 53 hard. I've updated my FW to drop the packets and have null routed them just for extra sanity, then called TelstraClear.
The tech I spoke to repeatedly said it was my responsibility to filter the traffic even after explaining I had already done so and the only further steps I could take to stop the traffic hitting my modem was to turn it off.
I've spoken to several different techs/customer support people and they have explained they don't have the tools to filter this particular traffic to my IP address. Their reason was it could be legitimate traffic.
My question to you all, is surely this can't be true. They manage the network and should mitigate what could be classed as a DOS attack on one of their customers.
My account is at 100% utilisation and around 50Gb per day and they can't block it.????!?!