On Wed, 2009-07-29 at 18:37 +0200, RedShift wrote:
> Fredrik Eriksson wrote:
> > Hi,
> > I've seen that there's a dynamic update ddos attack that is widely
> > available on the net and after looking for the solution it seems that
> > bind's latest patch (9.6.1-P1) solves this problem.
> >
> > So my question is more like this, is extra/bind 9.6.1-1 in the
> > repository the same as bind 9.6.1-P1?
> > The build date of the current package in extra/ says the 18 July but the
> > homepage of BIND says the latest patch was published the 28 July.
> >
> > Best regards
> > Fredrik Eriksson
> >
> >
>
> According to a commenter on the slashdot news article about this issue, this should provide a temporary countermeasure:
>
> iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
>
> haven't tested it myself though...

The current version 9.6.1.P1-1 in extra corrects the issue.

k

> Glenn

-- 
K. Piche <kpiche@xxxxxxxxxx>
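What the `--u32 '30>>27&0xF=5'` test in the quoted rule evaluates, as an added example that is not part of the original thread: it reads the 32-bit word at byte 30 of the IP packet and compares the DNS OPCODE field with 5 (UPDATE). The packets are constructed samples with zeroed checksums, and the function names are hypothetical.

```python
import struct

def u32_word(ip_packet: bytes, offset: int = 30):
    """32-bit big-endian word at `offset` from the start of the IP header,
    or None when it would run past the packet (u32 then does not match)."""
    if len(ip_packet) < offset + 4:
        return None
    return struct.unpack_from("!I", ip_packet, offset)[0]

def rule_matches(ip_packet: bytes) -> bool:
    """Evaluate '30>>27&0xF=5' exactly as written in the quoted rule."""
    word = u32_word(ip_packet, 30)
    # >>27 keeps the top 5 bits (QR + OPCODE); &0xF drops QR, leaving OPCODE.
    return word is not None and ((word >> 27) & 0xF) == 5

def sample_packet(opcode: int, qr: int = 0, ip_options: bytes = b"") -> bytes:
    """Constructed IPv4 + UDP + bare 12-byte DNS header (no records)."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(ip_options) // 4
    flags = (qr << 15) | ((opcode & 0xF) << 11)   # DNS header flags word
    dns = struct.pack("!HHHHHH", 0x1234, flags, 0, 0, 0, 0)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                     ihl * 4 + len(udp) + len(dns), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + ip_options + udp + dns

if __name__ == "__main__":
    cases = {
        "standard query (opcode 0)": sample_packet(0),
        "dynamic update (opcode 5)": sample_packet(5),
        "update, QR bit set": sample_packet(5, qr=1),
        # With IP options the DNS flags are no longer at byte 30, so the
        # fixed offset reads the UDP checksum and DNS ID instead.
        "update, 4 bytes of IP options": sample_packet(5, ip_options=b"\x01" * 4),
    }
    for name, pkt in cases.items():
        print(f"{name:32} rule matches: {rule_matches(pkt)}")
```

The rule drops every UDP message to port 53 whose OPCODE is UPDATE, legitimate dynamic updates included, and its fixed offset assumes a 20-byte IPv4 header, which is why the thread treats it as temporary and points to the updated package.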