Re: DNS DoS attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am Thu, 16 Aug 2012 22:18:19 -0700
schrieb John R Pierce <pierce@xxxxxxxxxxxx>:

> On 08/16/12 9:54 PM, Jussi Hirvi wrote:
> >> Aug 17 07:41:38 mx2 named[6873]: client 205.145.64.200#53: query
> >> (cache) 'ripe.net/ANY/IN' denied
> >> >Aug 17 07:41:38 mx2 named[6873]: client 204.10.45.5#53: query
> >> >(cache) 'ripe.net/ANY/IN' denied Aug 17 07:41:38 mx2 named[6873]:
> >> >client 78.40.35.212#53: query (cache) 'ripe.net/ANY/IN' denied
> >> >Aug 17 07:41:38 mx2 named[6873]: client 207.207.3.126#53: query
> >> >(cache) 'ripe.net/ANY/IN' denied
> > Are there any ways to mitigate this, or do I just have to wait?
> 
> 
> meh, if its coming from lots of random hosts, then fail2ban style 
> techniques won't work.  I assume this is an authoritative name
> server? does it have recursive queries disabled so it can only return
> results for the domain(s) its authoritative for ?



It's a common "attack".

Just search google.
I think, someone mentioned a firewall rule here a couple of weeks ago
to block these types of queries.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux