[BlueOnyx:12683] Re: DNS Spamming
Colin Jack
colin at mainline.co.uk
Sat Mar 30 12:14:22 -05 2013

We always have recursion off.
This does not stop ANY? queries as Michael pointed out.

Colin

On 29 Mar 2013, at 22:41, Roy Urick <rurick at usa.net> wrote:
> Why not disable recursion? Do you need to offer full public DNS to the world? (And not just for the Authoritative domains you control?)
>
>
>
> Sent from my iPhone
>
> On Mar 29, 2013, at 5:13 PM, Colin Jack <colin at mainline.co.uk> wrote:
>
>> Hi Michael,
>>
>> On 19 Mar 2013, at 01:05, Michael Stauber <mstauber at blueonyx.it> wrote:
>>
>>> Hi Will,
>>>
>>> Check this article on DNS related attacks:
>>>
>>> http://www.topology.org/linux/iptables_dns_flood.html
>>>
>>> I've had a few clients who were hit by the ANY? queries a lot, so we
>>> modified the APF firewall (part of the Solarspeed security) with the
>>> hints and ideas from this article.
>>>
>>> In essence there are two ways of doing so. Like Gerald mentioned: You
>>> can use the IPtables recent module. Which works quite well. But it's
>>> also possible to use packet inspection and just discard or drop
>>> excessive ANY? queries from any given source.
>>>
>>
>> I have the Solarspeed Security Suite on all my servers and my APF isn't blocking these little b* ...
>>
>> Can I tighten it up? We have 50+ DNS connections from the same IP at the same time. I would like to limit this to say 2 ;0)
>>
>> Thanks
>>
>> Colin
>>
>>
>>
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at mail.blueonyx.it
>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
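
The two ideas raised in the thread (inspecting the packet for ANY? queries, and counting hits per source address) can be sketched in userspace as follows. This is an added example, not part of the original messages and not APF or Solarspeed code; the class and function names, the 10-second window and the sample packets are assumptions, with the limit of 2 taken from the figure mentioned above.

```python
import struct
from collections import defaultdict, deque

QTYPE_ANY = 255  # RFC 1035 QTYPE "*", printed as "ANY?" by tcpdump

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query packet (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode()
                     for lab in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def query_type(payload):
    """Return the QTYPE of the first question, or None if not a well-formed query."""
    if len(payload) < 12:
        return None
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set means a response
        return None
    pos = 12
    while True:                            # walk the QNAME labels
        if pos >= len(payload):
            return None
        length = payload[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:                  # compression pointer: not expected here
            return None
        pos += 1 + length
    if pos + 4 > len(payload):             # QTYPE and QCLASS must follow
        return None
    return struct.unpack("!H", payload[pos:pos + 2])[0]

class AnyQueryLimiter:
    """Allow at most `hitcount` ANY queries per source within `seconds`."""
    def __init__(self, seconds=10, hitcount=2):
        self.seconds, self.hitcount = seconds, hitcount
        self.seen = defaultdict(deque)     # source IP -> timestamps of allowed hits

    def allow(self, src_ip, payload, now):
        # Only ANY queries are counted; other and unparseable packets pass through.
        if query_type(payload) != QTYPE_ANY:
            return True
        hits = self.seen[src_ip]
        while hits and now - hits[0] >= self.seconds:
            hits.popleft()                 # expire hits outside the window
        if len(hits) >= self.hitcount:
            return False                   # excessive ANY queries from this source
        hits.append(now)
        return True
```

Because the check keys on the query type rather than on recursion, it applies equally to a server that has recursion switched off.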