[BlueOnyx:12567] Re: DNS Spamming

Gerald Waugh gwaugh at frontstreetnetworks.com
Mon Mar 18 12:33:03 -05 2013


On 03/18/2013 06:00 AM, Will Nordmeyer wrote:
>
> Last night (actually over the past few days), my server has been 
> hammered with DNS requests (to the tune of about 5 Mb/sec bandwidth, 6 
> IPs, 10-20 connections, thousands of requests)... Is there a way for 
> bfd/apf or another tool to monitor for this and add the offending 
> servers to either deny_hosts.rules or iptables?
>
>
# Record every new TCP connection to port 53 in the "recent" list named DNS, keyed by source address.
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -m state --state NEW -m recent --set --name DNS --rsource

# Once a source has hit port 53 ten or more times within 60 seconds, log it ...
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name DNS --rsource -j LOG --log-prefix "Block DNS port 53 Attack "

# ... and drop further connections from it (the --update refreshes the entry, so the block persists while the flood continues).
/sbin/iptables -A INPUT -i eth0 -p tcp -m tcp --dport 53 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name DNS --rsource -j DROP


-- 
Gerald Waugh
Front Street Networks
(318) 734-4779
(318) 401-0428
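Detection logic to go with the LOG rule in the reply above, as an added example that is not part of this thread or of BlueOnyx: it parses kernel LOG lines carrying the "Block DNS port 53 Attack " prefix out of a syslog file and counts hits per source address, so the sources the rate limit keeps tripping on can be reviewed. The sample log lines are constructed, and the hit threshold is an assumption.

```python
import re
from collections import Counter

# Prefix written by the LOG rule in the post above.
LOG_PREFIX = "Block DNS port 53 Attack "

# KEY=VALUE tokens as the iptables LOG target writes them (SRC=, DST=, PROTO=, DPT=, ...).
_KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=VALUE fields of one kernel LOG line carrying LOG_PREFIX, or None."""
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None
    fields = dict(_KV_RE.findall(line[idx + len(LOG_PREFIX):]))
    # Without a source address the line is useless to us.
    return fields if "SRC" in fields else None


def count_blocked_sources(lines):
    """Count logged port-53 hits per source address over an iterable of syslog lines."""
    hits = Counter()
    for line in lines:
        fields = parse_log_line(line)
        if fields and fields.get("DPT") == "53":
            hits[fields["SRC"]] += 1
    return hits


def sources_over(lines, threshold):
    """(src, hits) pairs with at least `threshold` logged hits, most active first."""
    counts = count_blocked_sources(lines)
    return sorted(((s, n) for s, n in counts.items() if n >= threshold),
                  key=lambda t: (-t[1], t[0]))


# Constructed sample lines in the shape the kernel writes for the LOG rule above.
_TEMPLATE = ("Mar 18 12:33:{sec:02d} host kernel: " + LOG_PREFIX +
             "IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} "
             "DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID={id} DF PROTO=TCP "
             "SPT={spt} DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0")
SAMPLE_LINES = [
    _TEMPLATE.format(sec=3, src="192.0.2.10", id=1, spt=41234),
    _TEMPLATE.format(sec=3, src="192.0.2.10", id=2, spt=41235),
    _TEMPLATE.format(sec=4, src="192.0.2.77", id=3, spt=5000),
    "Mar 18 12:33:05 host sshd[123]: Accepted publickey for admin from 203.0.113.4 port 51000 ssh2",
    _TEMPLATE.format(sec=6, src="192.0.2.10", id=4, spt=41236),
]

if __name__ == "__main__":
    for src, n in sources_over(SAMPLE_LINES, 2):  # threshold of 2 hits is an assumption
        print(f"{src}\t{n}")
```

On a real box, feed it the lines of /var/log/messages (or wherever the kernel facility logs) instead of SAMPLE_LINES.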
