
discuss - [opennic-discuss] DDOS blocking

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: <kennytaylor AT runbox.com>
  • To: "discuss" <discuss AT lists.opennicproject.org>
  • Subject: [opennic-discuss] DDOS blocking
  • Date: Tue, 02 Apr 2013 21:53:58 -0800 (PST)

Hi all,

I am getting hit tonight with 5-10 minute bursts of the DNS reflection
attack. I have an iptables rate limiter in place and that seems to reduce
the impact without adversely affecting legit traffic. There's a snippet of
bind log below. I'm not entirely sure offhand what that query is asking for.
I think it's asking for the ICANN root servers, but I'm not sure what the +E
means. Is this a request that any legitimate client would ever make?

02-Apr-2013 22:45:25.304 client 72.240.106.159#47803: query: . IN ANY +E (208.111.40.37)
02-Apr-2013 22:45:25.304 client 72.240.106.159#47803: query: . IN ANY +E (208.111.40.37)
02-Apr-2013 22:45:25.331 client 72.240.106.159#15198: query: . IN ANY +E (208.111.40.37)
02-Apr-2013 22:45:25.332 client 72.240.106.159#15198: query: . IN ANY +E (208.111.40.37)

Thanks,
Kenny
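
An added example, not part of the original post: a small Python parser for the BIND query-log lines quoted above that counts root (`.`) `ANY` queries per client address and decodes the flag field, where `+` means recursion desired and `E` means the query used EDNS0. The function names, the threshold and the fifth sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in BIND 9 query-log format. The first four lines mirror
# the log in the post; the last one (192.0.2.10, example.org) is invented to
# show an ordinary query that must not be flagged.
SAMPLE_LOG = """\
02-Apr-2013 22:45:25.304 client 72.240.106.159#47803: query: . IN ANY +E (208.111.40.37)
02-Apr-2013 22:45:25.304 client 72.240.106.159#47803: query: . IN ANY +E (208.111.40.37)
02-Apr-2013 22:45:25.331 client 72.240.106.159#15198: query: . IN ANY +E (208.111.40.37)
02-Apr-2013 22:45:25.332 client 72.240.106.159#15198: query: . IN ANY +E (208.111.40.37)
02-Apr-2013 22:45:26.010 client 192.0.2.10#53211: query: example.org IN A + (208.111.40.37)
"""

# timestamp, client ip#port, optional "(name)" used by newer BIND releases,
# then qname / class / type / flags and the optional local server address.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<flags>[+-][A-Z]*)(?: \((?P<server>[^)]+)\))?\s*$"
)


def parse_line(line):
    """Parse one query-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["recursion_desired"] = rec["flags"].startswith("+")  # '+' = RD bit set
    rec["edns"] = "E" in rec["flags"]                        # 'E' = EDNS0 in use
    return rec


def suspect_clients(log_text, threshold=3):
    """Return {client_ip: count} for clients with >= threshold root ANY queries."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["qname"] == "." and rec["qtype"] == "ANY":
            hits[rec["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, count in suspect_clients(SAMPLE_LOG).items():
        print(f"{ip}: {count} root ANY queries")
```

Because reflection traffic carries a forged source address, the flagged client is usually the victim, so the count is better suited to tuning rate limits than to identifying the sender.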

