discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Guillaume Parent <gparent AT gparent.org>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] iptables rules inefficient
- Date: Sat, 1 Jun 2013 14:48:21 -0400
Other than the fact that it's bowing down to DDoS and that it breaks everyone's assumption of how a DNS server should react?
On Jun 1, 2013 2:43 PM, "Psilo" <dns AT psilo.org> wrote:
You all know that the target of DNS attacks is not the DNS service itself, nor the servers hosting it, right?Now can you please explain again how TCP is not a good solution?
Psilo
Le samedi 1 juin 2013, Kenny Taylor a écrit :Meet SYN cookie.. nom nom nom"Éric Boucher" <bouchereric0000 AT hotmail.com> wrote:Great try but i think you forgot about SYNFLOOD...- Éric> Date: Fri, 31 May 2013 21:45:58 -0400
> From: weblionx AT gmail.com
> To: discuss AT lists.opennicproject.org
> Subject: Re: [opennic-discuss] iptables rules inefficient
>
> Has anyone ever tried using TCP only for a DNS server? I don't know
> how well clients would handle that, and I know it has some extra
> latency, but if it eliminates the ability to use it for a DDoS it
> seems like it might be something worth trying.
>
> I'm assuming that regular TCP-DNS uses one connection per query. Would
> it be possible to set it up so it kept the connection up for many
> queries, or would that require using a tunnel or rewriting software?
>
> - C
>
> On Fri, May 24, 2013 at 6:40 AM, Psilo <dns AT psilo.org> wrote:
> > Thank you Jeff for binging the conversation back to the topic.
> >
> > Eric: I am simply using the rules mentioned in the wiki pointed by Jeff.
> >
> > The IRC conversation with the guy that understands nothing to DNS
> > amplification attacks is just useless.
> >
> > Psilo
> >
> >
> > Le vendredi 24 mai 2013, Jeff Taylor a écrit :
> >
> >> We have a collection of rules posted here:
> >> http://wiki.opennicproject.org/Tier2Security
> >>
> >>
> >> On 05/23/2013 09:43 AM, Éric Boucher wrote:
> >>
> >> This is great changes... May i ask for your rules so i can add it to mine
> >> ?
> >>
> >> Thanks,
> >> Éric
> >>
> >>
> >
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
- RE: [opennic-discuss] iptables rules inefficient, Éric Boucher, 06/01/2013
- RE: [opennic-discuss] iptables rules inefficient, Kenny Taylor, 06/01/2013
- Re: [opennic-discuss] iptables rules inefficient, Psilo, 06/01/2013
- Re: [opennic-discuss] iptables rules inefficient, Guillaume Parent, 06/01/2013
- Re: [opennic-discuss] iptables rules inefficient, Psilo, 06/01/2013
- <Possible follow-up(s)>
- Re: [opennic-discuss] iptables rules inefficient, staticsafe, 06/01/2013
- RE: [opennic-discuss] iptables rules inefficient, Kenny Taylor, 06/01/2013
Archive powered by MHonArc 2.6.19.