DNS DoS attack




Looks like one of my name servers (CentOS 5) gets a lot of malicious
queries. The CPU load is constantly about 3%. I put on stricter limits
on who is allowed recursive queries, but this does not affect the CPU
load. I also updated BIND.

I temporarily turned on querylog (command: rndc querylog), and noticed 
that I get over 200 queries like this per second:

> Aug 17 07:41:38 mx2 named[6873]: client 205.145.64.200#53: query (cache) 'ripe.net/ANY/IN' denied
> Aug 17 07:41:38 mx2 named[6873]: client 204.10.45.5#53: query (cache) 'ripe.net/ANY/IN' denied
> Aug 17 07:41:38 mx2 named[6873]: client 78.40.35.212#53: query (cache) 'ripe.net/ANY/IN' denied
> Aug 17 07:41:38 mx2 named[6873]: client 207.207.3.126#53: query (cache) 'ripe.net/ANY/IN' denied

Are there any ways to mitigate this, or do I just have to wait?

- Jussi
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
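
One way to quantify the flood from the querylog output quoted in the post, as an added example that is not part of the original message: it tallies denied cache queries per second, per name/type and per client. The sample lines are constructed in the same format using documentation addresses, and `DENIED` and `summarize` are names chosen here.

```python
import re
from collections import Counter

# Constructed sample in the querylog format quoted in the post
# (documentation-range addresses, not real clients).
SAMPLE_LOG = """\
Aug 17 07:41:38 mx2 named[6873]: client 192.0.2.11#53: query (cache) 'ripe.net/ANY/IN' denied
Aug 17 07:41:38 mx2 named[6873]: client 198.51.100.7#53: query (cache) 'ripe.net/ANY/IN' denied
Aug 17 07:41:38 mx2 named[6873]: client 203.0.113.90#53: query (cache) 'ripe.net/ANY/IN' denied
Aug 17 07:41:39 mx2 named[6873]: client 203.0.113.14#53: query (cache) 'ripe.net/ANY/IN' denied
Aug 17 07:41:39 mx2 named[6873]: client 192.0.2.200#40211: query (cache) 'example.org/A/IN' denied
Aug 17 07:41:39 mx2 sshd[911]: unrelated line that must be ignored
"""

# Matches only the "query (cache) '<name>/<type>/<class>' denied" lines.
DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r"client\s(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+):\s"
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied$"
)

def summarize(log_text):
    """Tally denied cache queries by second, by (name, type) and by client."""
    per_second, by_query, clients = Counter(), Counter(), set()
    from_port_53 = 0
    for line in log_text.splitlines():
        m = DENIED.match(line.strip())
        if not m:
            continue  # not a denied-query line
        per_second[m["ts"]] += 1
        by_query[(m["qname"].lower(), m["qtype"])] += 1
        clients.add(m["ip"])
        from_port_53 += m["port"] == "53"  # client source port, as logged after '#'
    total = sum(per_second.values())
    return {
        "denied_total": total,
        "peak_second": per_second.most_common(1)[0] if total else None,
        "top_query": by_query.most_common(1)[0] if total else None,
        "unique_clients": len(clients),
        "src_port_53": from_port_53,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On a live server, pass the contents of the file that receives the `rndc querylog` output to `summarize` instead of `SAMPLE_LOG`.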

