[CentOS] DNS DoS attack
Jussi Hirvi
listmember at greenspot.fi
Fri Aug 17 11:37:26 UTC 2012
On 17.8.2012 8.18, John R Pierce wrote:
> meh, if it's coming from lots of random hosts, then fail2ban style
> techniques won't work. I assume this is an authoritative name server?
> does it have recursive queries disabled so it can only return results
> for the domain(s) it's authoritative for?

Yes, it is authoritative. Recursive queries were open very widely. That
may be why I started to get plenty of requests. But I think that 240 per
second is not normal anymore, it must be malicious.

I believe my name server was used as a mediator only, and the real
target (through recursive queries) was some other public nameserver.

This morning I restricted recursive queries to trusted networks only.
The load dropped slowly to 20 % of what it was before.

- Jussi
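
A way to confirm that a recursion restriction like the one described in this message took effect, as an added example that is not part of the original post: from a host outside the trusted networks, send a query with the RD bit set for a name the server is not authoritative for, and inspect the RA bit and response code of the reply. The function names, the default name `example.com`, the verdict labels and the constructed sample replies are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, qid, qtype=1):
    """Build a DNS query (class IN) with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": an}

def verdict(msg, qid):
    """Classify a reply to a query for a name the server is NOT authoritative for."""
    h = parse_header(msg)
    if not h["qr"] or h["id"] != qid:
        return "invalid"
    if h["rcode"] == 5:                      # REFUSED
        return "closed"
    if h["ra"] and h["rcode"] == 0 and h["answers"] > 0:
        return "open"                        # it resolved a foreign name for us
    return "recursion-advertised" if h["ra"] else "closed"

def probe(server, name="example.com", qid=0x1234, timeout=3.0):
    """Send one query over UDP to a server you operate, from an untrusted network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
    return verdict(reply, qid)

def constructed_reply(qid, flags, answers):
    """Constructed sample reply (header plus echoed question only), for offline use."""
    q = build_query("example.com", qid)
    return struct.pack("!HHHHHH", qid, flags, 1, answers, 0, 0) + q[12:]

if __name__ == "__main__":
    print(verdict(constructed_reply(0x1234, 0x8180, 1), 0x1234))  # recursion open to everyone
    print(verdict(constructed_reply(0x1234, 0x8105, 0), 0x1234))  # recursion restricted
```

Run `probe()` against your own name server once from a trusted network and once from outside it; after the restriction the outside result should be `closed` or `no-reply`.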