discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: mike <mike AT pikeaero.com>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] DoS amp attack today
- Date: Wed, 17 Apr 2013 07:29:54 -0500
- Envelope-to: discuss AT lists.opennicproject.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have not built bind with Dampening yet, I just got the RRL patch
going last night. Will try to deploy an instance of the dampening
patch perhaps tonight.
I am up to my neck in open (and closed) source projects, but if nobody
else will step up to the plate to maintain a Debian style PPA for bind
with Dampening, I could perhaps (reluctantly) take care of getting
that off the ground....<sigh>....it will be for my own good anyway
come time to do an O/S update.....okay.....I'll do an Debian/Ubuntu PPA...
Does the RRL patch need such a PPA as well?
- --Mike
On 04/17/2013 04:35 AM, Stefan Sabolowitsch wrote:
>
> @to all Currently, it is so that one correct patch has to generate
> for each bind version. Last year, i have published the patch for
> v9.8 here in the list.
>
> Actually it is easy, it is necessary to only fight something with
> "diff" and "patch" to the right patch for each bind version
> creates. This is more a time issue. But i do of course understand
> that not everyone can do this.
>
> Of course, an repo would be ideal. But what do we with the various
> *nix (Centos, Ubuntu, FreeBSD etc.)? For example, i have only
> FreeBSD for DNS / WWW / FTP service.
>
> And yes, not a "DNS only solution" solves the problem alone.
> Important is also a good firewall rules / protection, example (rate
> / session limit, anti address sweeping, anti TCP / UDP flood, and
> so on). A good rock solid firewall is here elementary.
>
>
>
>
>
>
> In our business we use Netscreen FW, but privately i can recommend
> for an example "pfsense" http://www.pfsense.org.
>
>
> if possible also a ids / isp system helps, see here (only DNS
> rules): [1:2012728:3] ET CURRENT_EVENTS Known Hostile Domain
> citi-bank.ru Lookup [Classification: A Network Trojan was Detected]
> [Priority: 1]
>
> [1:2016591:5] ET DNS Reply Sinkhole - 46.149.18.14
> blacklistthisdomain.com [Classification: A Network Trojan was
> Detected] [Priority: 1]
>
> [1:2016102:2] ET TROJAN DNS Reply Sinkhole - Microsoft -
> 199.2.137.0/24 [Classification: A Network Trojan was Detected]
> [Priority: 1]
>
> [1:2014374:1] ET CURRENT_EVENTS Possible Zeus .info CnC Domain
> Generation Algorithm (DGA) Lookup NXDOMAIN Response
> [Classification: A Network Trojan was Detected] [Priority: 1]
>
>
> Regards Stefan
>
>
>
>
> Am 16.04.13 22:57 schrieb "Jeff Taylor" unter
> <shdwdrgn AT sourpuss.net>:
>
>> It sounds great, and for many people this would be a good
>> solution... Except that from what I'm reading, the only way to
>> get it is to compile the bleeding-edge BIND, which most people
>> aren't going to do.
>>
>> The other issue I see is that this is a BIND-only solution. What
>> about those of us who use dedicated firewalls and don't want the
>> excessive traffic flooding our internal networks? I prefer to
>> stop as much garbage as possible at the firewall, then use BIND
>> based solutions as a backup to catch whatever else gets through.
>>
>>
>> On 04/16/2013 12:53 AM, Stefan Sabolowitsch wrote:
>>> Hi guys. Why do you make your life not something easier?
>>> rate-limit and anti-spoof are OK and important, but what really
>>> helps is DNS dampening.
>>>
>>> http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening
>>>
>>> It will be as a plugin in the upcoming release of Bind v10.
>>>
>>>
>>>
>>> http://bind10.isc.org/ticket/2840
>>>
>>> It's really works, look here "5.1k Dampening" requests per
>>> second
>>> http://www.pic-upload.de/view-18968967/DNS_Dampening.png.html
>>>
>>>
>>> should someone need help, just ask me maybe i can help here.
>>>
>>>
>>> Regards, Stefan
>>>
>>
>>
>> -------- You are a member of the OpenNIC Discuss list. You may
>> unsubscribe by emailing
>> discuss-unsubscribe AT lists.opennicproject.org
>>
>
>
>
>
> -------- You are a member of the OpenNIC Discuss list. You may
> unsubscribe by emailing
> discuss-unsubscribe AT lists.opennicproject.org
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJRbpW9AAoJEA7EcEr0emgftnUIAJPzuNtoej7JTCgtVGmvPjrP
MZTDG09ICjYwdrViUMI5ITjF9foClauWkeectF6Wh8nHWAfZnMVnNOvDQG37LMYq
8bNX4Av4pyxPIW1UVDdWiifs2/p0mq7rqStvFwh4tMH/Wy+Nh3t9KFWe8VwM9yYp
k7OOeDObJQR4f9tmbHhoP6H8R6wNST4SnivWZVbWQxtZNrr7swHIhXdAOvAz6jOx
XiLvmXnU+m/25pZrrf++7GiwsdydSDD6DfyLlxPEqIg1aZTqrRpx5gCj/cY4DOha
i0pdqeBOSWVS544MZMcZTYOiwI1MFLQAc1b1W8bktbi7uZvJp9Uua5MrlSbfwhk=
=1kGo
-----END PGP SIGNATURE-----
- Re: [opennic-discuss] DoS amp attack today, (continued)
- Re: [opennic-discuss] DoS amp attack today, Tim Groeneveld, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, Stefan Sabolowitsch, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, Futuro, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, Jeff Taylor, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, Guillaume Parent, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, Jeff Taylor, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, Jamyn Shanley, 04/17/2013
- Re: [opennic-discuss] DoS amp attack today, Julian DeMarchi, 04/17/2013
- Re: [opennic-discuss] DoS amp attack today, mike, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, Stefan Sabolowitsch, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, Stefan Sabolowitsch, 04/17/2013
- Re: [opennic-discuss] DoS amp attack today, mike, 04/17/2013
- Re: [opennic-discuss] DoS amp attack today, Guillaume Parent, 04/17/2013
- Re: [opennic-discuss] DoS amp attack today, Alex M (Coyo), 04/17/2013
- Re: [opennic-discuss] DoS amp attack today, Killman BOFH, 04/18/2013
- Re: [opennic-discuss] DoS amp attack today, Kenny Taylor, 04/18/2013
- Re: [opennic-discuss] DoS amp attack today, Killman BOFH, 04/18/2013
- Re: [opennic-discuss] DoS amp attack today, Tim Groeneveld, 04/16/2013
- Re: [opennic-discuss] DoS amp attack today, mike, 04/18/2013
- Re: [opennic-discuss] DoS amp attack today, Killman BOFH, 04/18/2013
- Re: [opennic-discuss] DoS amp attack today, Guillaume Parent, 04/18/2013
- Re: [opennic-discuss] DoS amp attack today, Alex M (Coyo), 04/18/2013
- Re: [opennic-discuss] DoS amp attack today, Jeff Taylor, 04/18/2013
Archive powered by MHonArc 2.6.19.