[BlueOnyx:12580] Re: DNS Spamming
Michael Stauber
mstauber at blueonyx.it
Mon Mar 18 20:05:11 -05 2013
Hi Will,

Check this article on DNS related attacks:
http://www.topology.org/linux/iptables_dns_flood.html

I've had a few clients who were hit by the ANY? queries a lot, so we
modified the APF firewall (part of the Solarspeed security) with the
hints and ideas from this article.

In essence there are two ways of doing so. Like Gerald mentioned, you
can use the iptables recent module, which works quite well. But it's
also possible to use packet inspection and just discard or drop
excessive ANY? queries from any given source.

--
With best regards
Michael Stauber
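
An added illustration, not part of the original message or the linked article: the Python sketch below shows what the packet-inspection approach has to look at (the QTYPE field of the DNS question, where 255 is what tcpdump prints as "ANY?") combined with a per-source time window in the spirit of the recent module. The names `query_qtype`, `AnyQueryLimiter` and `build_query`, and the limit of 3 queries per 10 seconds, are assumptions chosen for the example.

```python
import struct
from collections import defaultdict, deque

QTYPE_ANY = 255  # RFC 1035 QTYPE "*", displayed by tcpdump as "ANY?"

def query_qtype(payload):
    """Return the QTYPE of the first question in a DNS query, or None."""
    if len(payload) < 12:                      # shorter than a DNS header
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:          # a response, or no question
        return None
    pos = 12
    while pos < len(payload) and payload[pos] != 0:   # walk QNAME labels
        if payload[pos] & 0xC0:                # pointer/reserved: treat as malformed
            return None
        pos += 1 + payload[pos]
    if pos + 5 > len(payload):                 # need root label + QTYPE + QCLASS
        return None
    return struct.unpack("!H", payload[pos + 1:pos + 3])[0]

class AnyQueryLimiter:
    """Allow at most `limit` ANY queries per source within `seconds`."""
    def __init__(self, limit=3, seconds=10):   # assumed thresholds
        self.limit, self.seconds = limit, seconds
        self.hits = defaultdict(deque)

    def verdict(self, src_ip, payload, now):
        if query_qtype(payload) != QTYPE_ANY:
            return "ACCEPT"                    # other query types are not counted
        window = self.hits[src_ip]
        while window and now - window[0] > self.seconds:
            window.popleft()                   # forget hits outside the window
        window.append(now)                     # dropped queries still count
        return "DROP" if len(window) > self.limit else "ACCEPT"

def build_query(name, qtype, flags=0x0100):
    """Constructed sample input: a minimal DNS query, class IN."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)
```

Because only ANY queries are counted, ordinary A or MX lookups from the same source keep being answered while the excess ANY traffic is discarded.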