Fredrik Eriksson wrote:
Hi,
I've seen that there's a dynamic update ddos attack that is widely
available on the net and after looking for the solution it seems that
bind's latest patch (9.6.1-P1) solves this problem.
So my question is more like this, is extra/bind 9.6.1-1 in the
repository the same as bind 9.6.1-P1?
The build date of the current package in extra/ says the 18 July but the
homepage of BIND says the latest patch was published the 28 July.
Best regards
Fredrik Eriksson
According to a commenter on the slashdot news article about this issue, this should provide a temporary countermeasure:
iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
haven't tested it myself though...
Glenn
