[CentOS] DNS DoS attack
John Doe
jdmls at yahoo.com
Fri Aug 17 12:04:21 UTC 2012
From: Jussi Hirvi <listmember at greenspot.fi>
> On 17.8.2012 8.18, John R Pierce wrote:
>> meh, if it's coming from lots of random hosts, then fail2ban style
>> techniques won't work. I assume this is an authoritative name server?
>> does it have recursive queries disabled so it can only return results
>> for the domain(s) it's authoritative for ?
>
> Yes, it is authoritative. Recursive queries were open very widely. That
> may be why I started to get plenty of requests. But I think that 240 per
> second is not normal anymore, it must be malicious.
>
> I believe my name server was used as a mediator only, and the real
> target (through recursive queries) was some other public nameserver.
>
> This morning I restricted recursive queries to trusted networks only.
> The load dropped slowly to 20 % of what it was before.
Maybe it is this:
http://arstechnica.com/business/2012/03/how-anonymous-plans-to-use-dns-as-a-weapon/
JD
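
The check discussed in this thread (how many queries per second arrive, and how many of them are recursive requests from untrusted clients for names outside the server's own zones), as an added example that is not part of the original messages. It assumes BIND-style query log lines; the zone name, trusted network and log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): example zone and trusted network.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
AUTH_ZONES = ("example.fi",)

# Assumed BIND-style query log line: timestamp, client, name, type, flags.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \d\d:\d\d:\d\d)\.\d+ client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

# Constructed sample log lines ("+" = recursion desired, "-" = not).
SAMPLE_LOG = """\
17-Aug-2012 08:00:01.101 client 192.0.2.10#40001: query: www.example.fi IN A + (192.0.2.53)
17-Aug-2012 08:00:01.205 client 203.0.113.7#53124: query: example.com IN ANY +E (192.0.2.53)
17-Aug-2012 08:00:01.377 client 203.0.113.7#53125: query: example.com IN ANY +E (192.0.2.53)
17-Aug-2012 08:00:01.640 client 198.51.100.23#6112: query: example.net IN ANY +E (192.0.2.53)
17-Aug-2012 08:00:02.012 client 198.51.100.99#2201: query: mail.example.fi IN MX - (192.0.2.53)
17-Aug-2012 08:00:02.480 client 192.0.2.10#40002: query: example.org IN A + (192.0.2.53)
"""

def in_zone(qname):
    """True if qname is at or below a zone this server is authoritative for."""
    q = qname.rstrip(".").lower()
    return any(q == z or q.endswith("." + z) for z in AUTH_ZONES)

def is_trusted(ip):
    """True if the client address falls inside a trusted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def analyze(log_text):
    """Return peak queries/second and recursive out-of-zone requests from untrusted clients."""
    per_second = Counter()
    untrusted_recursive = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not query log entries
        per_second[m["ts"]] += 1
        wants_recursion = m["flags"].startswith("+")
        if wants_recursion and not in_zone(m["qname"]) and not is_trusted(m["ip"]):
            untrusted_recursive[m["ip"]] += 1
    return {
        "peak_qps": max(per_second.values(), default=0),
        "open_recursion_requests": sum(untrusted_recursive.values()),
        "by_client": dict(untrusted_recursive),
    }
```

A non-zero `open_recursion_requests` count means the server is being asked to recurse for outsiders; after recursion is restricted to trusted networks those requests are refused rather than resolved.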