[BlueOnyx:12654] Re: DNS Spamming

Colin Jack colin at mainline.co.uk
Fri Mar 29 16:13:30 -05 2013


Hi Michael,

On 19 Mar 2013, at 01:05, Michael Stauber <mstauber at blueonyx.it> wrote:

> Hi Will,
> 
> Check this article on DNS related attacks:
> 
> http://www.topology.org/linux/iptables_dns_flood.html
> 
> I've had a few clients who were hit by the ANY? queries a lot, so we
> modified the APF firewall (part of the Solarspeed security) with the
> hints and ideas from this article.
> 
> In essence there are two ways of doing so. Like Gerald mentioned: You
> can use the IPtables recent module. Which works quite well. But it's
> also possible to use packet inspection and just discard or drop
> excessive ANY? queries from any given source.
> 

I have the Solarspeed Security Suite on all my servers and my APF isn't blocking these little b* ...

Can I tighten it up? We have 50+ DNS connections from the same IP at the same time. I would like to limit this to say 2 ;0)

Thanks

Colin
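
The two approaches described in the quoted reply (the iptables recent module, and packet inspection for ANY queries), written as plain iptables rules. This is an added example, not part of the original message and not the APF or Solarspeed configuration; the list names `dnsq`/`dnsany`, the window and thresholds, and the dry-run `IPT` variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Dry run by default: the rules
# are printed, not loaded. Set IPT=iptables and run as root to apply them.
IPT=${IPT:-echo iptables}

# dns_limit_rules WINDOW_SECONDS MAX_QUERIES MAX_ANY_QUERIES (assumed values)
dns_limit_rules() {
    window=${1:-10} hits=${2:-20} any_hits=${3:-2}
    # xt_recent remembers 20 packets per source by default (ip_pkt_list_tot),
    # so a larger --hitcount is rejected when the rule is loaded.
    for n in "$hits" "$any_hits"; do
        if [ "$n" -lt 1 ] || [ "$n" -gt 20 ]; then
            echo "hitcount $n outside 1..20" >&2
            return 1
        fi
    done

    # Way 1: recent module. Record every UDP/53 packet per source address,
    # then drop once a source has sent $hits packets within $window seconds.
    # --rcheck after --set keeps counting dropped packets, so a source that
    # keeps flooding stays blocked until it slows down.
    $IPT -A INPUT -p udp --dport 53 -m recent --name dnsq --set
    $IPT -A INPUT -p udp --dport 53 -m recent --name dnsq \
        --rcheck --seconds "$window" --hitcount "$hits" -j DROP

    # Way 2: packet inspection. The bytes 00 | 00ff | 0001 are the end of the
    # query name, QTYPE=ANY and QCLASS=IN. Offset 40 skips the IPv4 (20),
    # UDP (8) and DNS (12) headers, assuming no IP options. Only ANY queries
    # are counted here, with their own tighter limit.
    any='|0000ff0001|'
    $IPT -A INPUT -p udp --dport 53 -m string --algo bm --from 40 \
        --hex-string "$any" -m recent --name dnsany --set
    $IPT -A INPUT -p udp --dport 53 -m string --algo bm --from 40 \
        --hex-string "$any" -m recent --name dnsany \
        --rcheck --seconds "$window" --hitcount "$any_hits" -j DROP
}

dns_limit_rules 10 20 2
```

Review the printed rules against the existing firewall chain order before loading them, since rules appended after an earlier ACCEPT for port 53 never see the traffic.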





