On Wed, Feb 11, 2009 at 01:21:35AM +0100,
Thomas Manson dev.mansontho...@gmail.com wrote
a message of 88 lines which said:
I believed I was on bind mailing list, a mailing list is where you
usually get some help... isn't it ?
You're right, it's a shame. Ask immediately for a refund, both
On Wed, Feb 11, 2009 at 01:35:31AM +0100,
Thomas Manson dev.mansontho...@gmail.com wrote
a message of 80 lines which said:
I'll temporray block the ip on my firewall
Very bad idea, since it is forged. You do exactly what the attacker
wanted you to do.
The proper thing to do is:
Well...
I'll temporray block the ip on my firewall
Very bad idea, since it is forged. You do exactly what the attacker
wanted you to do.
The proper thing to do is:
https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful
this is kind of response I expect : an answer of
An intelligently designed firewall rule that drops the incoming requests
isn't doing exactly what the attacker wants. It's the opposite. The
main effect of forged lookups is a response flood. And so it is also
intended to flood the victim with overwhelming amounts of DNS
responses. It, like any
I've been aware of this problem since it first came up on this and nanog's
list, but I'm having some configuration issues trying to make the upward
referrel be refused. I'm running bind-9.6.0P1, but I'm still seeing the NS
queries being answered in the log:
11-Feb-2009 09:34:25.489 queries:
On Wed, 11 Feb 2009, Matthew Huff wrote:
I've been aware of this problem since it first came up on this and nanog's
list, but I'm having some configuration issues trying to make the upward
referrel be refused. I'm running bind-9.6.0P1, but I'm still seeing the NS
queries being answered in the
Thanks to David Forest, I realize now that the query IS being refused,
however nothing in the bind log shows the refusal. Is there anyway to see
that in the log?
Matthew Huff | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com | Phone: 914-460-4039
aim:
Hi,
I can see in my secondary DNS server a lot of logs with query(cache) denied
from the same ip.
I've traceroute one of them which seems to be a russian computer.
* *
17 ns1.orlan-net.ru (195.68.176.4) 136.563 ms * *
Feb 11 00:21:49 ns1 named[13392]: client 195.68.176.4#59934: query
Please go read the list achives.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
In message f43eb7e60902101552l524787b1t72fcc821437af...@mail.gmail.com, Thoma
s Manson writes:
The subject matter has been discussed in lots of detail
over the last month. Go read the archives of the mailing
list.
Mark
--
Mark Andrews, ISC
1 Seymour St.,
That's some awesome answer... (did you get helped to elaborate it?)
equivalent : google is your friend, search the RFCs
Then... read the list archives... I guess I can spend the next ten years if
I read it from the beginning
Could you give any clue of what to look for ?
I believed I was on
In message f43eb7e60902101621y66133c17lc46a1df451f1b...@mail.gmail.com, Thoma
s Manson writes:
--00163646c41c20dc350462999600
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
That's some awesome answer... (did you get helped to elaborate it?)
equivalent : google is
someone answers me,
you could just have say search reflector DoS attack in the archive list,
this would have narrow down a lot my research.
I'll temporray block the ip on my firewall
On Wed, Feb 11, 2009 at 01:21, Mark Andrews mark_andr...@isc.org wrote:
In message
13 matches
Mail list logo