Am 01.07.2014 17:27, schrieb Carl Byington: > On Tue, 2014-07-01 at 16:45 +0200, Reindl Harald wrote: >> 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to >> 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b) > > I also see the rate limiting kicking in for facebook ranges. I should > setup a tcpdump filter to log all the queries from those ranges. > > 31.13.99.0/24 > 69.171.248.0/24 > 173.252.74.0/24 > 173.252.77.0/24 > 173.252.102.0/24 > 173.252.113.0/24
feedback appreciated for a amplification attack that's too few and unlikely someone asks for NS/A records instead ANY - my only explaination is that facebook tries to find servers which are vulerable to amplification attacks and not rate-limiting as i started with RRL those hits leaded to raise my limits and if i am right their "tests" make things worser, god knows how many admins raise their limits because that noise and making things worser than needed :-(
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
