[BlueOnyx:12658] Re: DNS Spamming

Roy Urick rurick at usa.net
Fri Mar 29 17:41:25 -05 2013


Why not disable recursion? Do you need to offer full public DNS to the world? (And not just for the Authoritative domains you control?)



Sent from my iPhone

On Mar 29, 2013, at 5:13 PM, Colin Jack <colin at mainline.co.uk> wrote:

> Hi Michael,
> 
> On 19 Mar 2013, at 01:05, Michael Stauber <mstauber at blueonyx.it> wrote:
> 
>> Hi Will,
>> 
>> Check this article on DNS related attacks:
>> 
>> http://www.topology.org/linux/iptables_dns_flood.html
>> 
>> I've had a few clients who were hit by the ANY? queries a lot, so we
>> modified the APF firewall (part of the Solarspeed security) with the
>> hints and ideas from this article.
>> 
>> In essence there are two ways of doing so. Like Gerald mentioned: You
>> can use the IPtables recent module, which works quite well. But it's
>> also possible to use packet inspection and just discard or drop
>> excessive ANY? queries from any given source.
>> 
> 
> I have the Solarspeed Security Suite on all my servers and my APF isn't blocking these little b* ...
> 
> Can I tighten it up? We have 50+ DNS connections from the same IP at the same time. I would like to limit this to say 2 ;0)
> 
> Thanks
> 
> Colin
> 
> 
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
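
The per-source threshold idea from the quoted message (count ANY queries from one source inside a time window, discard the excess) can be checked against a query log before a firewall rule is tightened. This is an added example, not code from the thread or from Solarspeed/APF; the BIND-style log format, the function names, the default thresholds and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the style of a BIND 9 query log (format is an assumption).
SAMPLE_LOG = """\
29-Mar-2013 17:13:01.100 client 203.0.113.9#4431: query: example.com IN ANY +E (192.0.2.1)
29-Mar-2013 17:13:01.400 client 198.51.100.7#5120: query: www.example.com IN A + (192.0.2.1)
29-Mar-2013 17:13:02.100 client 203.0.113.9#4431: query: example.com IN ANY +E (192.0.2.1)
29-Mar-2013 17:13:03.100 client 203.0.113.9#4431: query: example.com IN ANY +E (192.0.2.1)
29-Mar-2013 17:13:03.500 client 198.51.100.50#3390: query: example.com IN ANY + (192.0.2.1)
29-Mar-2013 17:13:04.100 client 203.0.113.9#4431: query: example.com IN ANY +E (192.0.2.1)
29-Mar-2013 17:13:05.100 client 203.0.113.9#4431: query: example.com IN ANY +E (192.0.2.1)
29-Mar-2013 17:13:06.200 client 198.51.100.7#5121: query: example.com IN ANY + (192.0.2.1)
29-Mar-2013 17:13:23.500 client 198.51.100.50#3391: query: example.com IN ANY + (192.0.2.1)
29-Mar-2013 17:13:43.500 client 198.51.100.50#3392: query: example.com IN ANY + (192.0.2.1)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client "
    r"(?P<src>[0-9a-fA-F.:]+)#\d+.*?: query: (?P<name>\S+) IN (?P<qtype>\S+)")

def parse(line):
    """Return (timestamp, source address, query type), or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
    return ts, m["src"], m["qtype"]

def flag_sources(lines, qtype="ANY", seconds=10, hitcount=3):
    """Return {source: queries over the limit} for a sliding per-source window."""
    recent = defaultdict(deque)    # source -> timestamps still inside the window
    dropped = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != qtype:
            continue               # other query types are never counted
        ts, src, _ = rec
        window = recent[src]
        while window and (ts - window[0]).total_seconds() >= seconds:
            window.popleft()       # expire entries older than the window
        window.append(ts)          # every query counts, dropped or not
        if len(window) >= hitcount:
            dropped[src] += 1
    return dict(dropped)

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG.splitlines()))
```

Running it with different `seconds` and `hitcount` values against real logs shows which sources a given limit would have cut off, and whether any legitimate resolver would have been caught.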



