dns-operations AT lists.opennicproject.org

Subject: Dns-operations mailing list

List archive

Re: [opennic-dns-operations] DoS attacks, don´t know what to do anymore...

From: Abraão Caldas <abraaocaldas AT gmail.com>
To: dns-operations AT lists.opennicproject.org
Subject: Re: [opennic-dns-operations] DoS attacks, don´t know what to do anymore...
Date: Wed, 25 Nov 2015 14:48:58 -0400

Well iptables in place, but dnstop still showing these queries....

2015-11-25 14:40 GMT-04:00 Joshua <devnull AT pfm.io>:

Hello,

If you throw these in your IPtables(if your using them) they should drop it.

-A OUTPUT -o eth0 -p udp -m string --algo bm --hex-string "|07|hehehey|02|ru" -j DROP
-A OUTPUT -o eth0 -p udp -m string --algo bm --hex-string "|04|cspc|03|gov" -j DROP

> On Nov 25, 2015, at 1:29 PM, <abraaocaldas AT gmail.com> <abraaocaldas AT gmail.com> wrote:
>
> Hello guys, i´m the operator of ns1.idf.fr.dns.opennic.glue , i´m happy with
> my 100% uptime but now i´m facing a pretty heavy DoS, a lot of queries with
> this:
>
>
> Query Name Count %
> --------------- --------- ------
> cpsc.gov 4819 24.7
> hehehey.ru 2374 12.2
>
>
> more than 4800 queries in less than 30 seconds. I put in action all the
> configurations to prevent this, but it keep coming more and more...
> Any advice?
>
> ----
> To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org

----
To unsubscribe, email dns-operations-unsubscribe AT lists.opennicproject.org

[opennic-dns-operations] DoS attacks, don´t know what to do anymore..., abraaocaldas, 11/25/2015
- Re: [opennic-dns-operations] DoS attacks, don´t know what to do anymore..., Joshua, 11/25/2015
  - Re: [opennic-dns-operations] DoS attacks, don´t know what to do anymore..., Abraão Caldas, 11/25/2015
    - Re: [opennic-dns-operations] DoS attacks, don´t know what to do anymore..., Dev Null, 11/25/2015
      - Re: [opennic-dns-operations] DoS attacks, don´t know what to do anymore..., Abraão Caldas, 11/25/2015