discuss AT lists.opennicproject.org
Subject: Discuss mailing list
- From: Killman BOFH <killman AT dkcorp.ec>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] DoS amp attack today
- Date: Thu, 18 Apr 2013 14:47:58 -0500
I'm having a denial of service attack the block 46.165.192.0/18
dkcorp.ec | CEO
Enterprise Networks
Blog: unixlegion.com
GPG Key: 0xBBDC0CDE
Community: www.sle.ec
IT Security - ISO 27000 - Packet Core
Phone: +593 995 956811 | +593 07 2952-763
On Wed, Apr 17, 2013 at 3:31 PM, Alex M (Coyo) <coyo AT darkdna.net> wrote:
Would these DNS dampening, rate-limiting and anti-spoofing techniques work with PowerDNS?
Obviously, Snort IDS, Shoreline Firewall, SELinux and AppArmor are all good, and disabling SU (use sudo only) and using a makejail chroot jail for every service (including bind or pdns, whichever) would be wise; however, what dampening, rate-limiting and other anti-amplification precautions can you take with PowerDNS?
On 04/17/2013 02:50 PM, Guillaume Parent wrote:
I checked, and Bind 9.8.4 (testing repo on Debian) contains the rate limiting patch. I will be compiling the bind9 testing package on a stable base and testing it shortly; if the package seems to work fine I will make it available.
On Wed, Apr 17, 2013 at 8:29 AM, mike <mike AT pikeaero.com> wrote:
I have not built bind with Dampening yet, I just got the RRL patch
going last night. Will try to deploy an instance of the dampening
patch perhaps tonight.
On 04/17/2013 04:35 AM, Stefan Sabolowitsch wrote:
>> And yes, a "DNS only solution" does not solve the problem alone.
> Also important are good firewall rules / protection, for example (rate
> / session limit, anti address sweeping, anti TCP / UDP flood, and
> so on). A good rock solid firewall is elementary here.
>
> In our business we use Netscreen FW, but privately I can recommend,
> for example, "pfsense" http://www.pfsense.org.
>
> If possible, an IDS / IPS system also helps.
> On 16.04.13 22:57, "Jeff Taylor" <shdwdrgn AT sourpuss.net> wrote:
>
>> It sounds great, and for many people this would be a good
>> solution... Except that from what I'm reading, the only way to
>> get it is to compile the bleeding-edge BIND, which most people
>> aren't going to do.
>>>> On 04/16/2013 12:53 AM, Stefan Sabolowitsch wrote:
>>> Hi guys. Why don't you make your life a bit easier?
>>> rate-limit and anti-spoof are OK and important, but what really
>>> helps is DNS dampening.