DDOS Attack on BIND 9.8.0
Hi,

We are running BIND 9.8.0 on a Solaris 10 machine. We are getting continuous hits from various IPs to isc.org (snoop report attached). Due to this, our DNS is not responding to other genuine queries and users are not able to browse.

    0.2 59.178.138.195 - 203.94.243.70 DNS C isc.org. Internet * ?
    929 0.0 59.178.51.128 - 203.94.243.70 DNS C isc.org. Internet * ?
    937 0.0 59.178.166.44 - 203.94.243.70 DNS C isc.org. Internet * ?
    944 0.0 120.59.103.34 - 203.94.243.70 DNS C isc.org. Internet * ?
    949 0.0 59.180.142.190 - 203.94.243.70 DNS C isc.org. Internet * ?
    955 0.1 59.178.50.68 - 203.94.243.70 DNS C isc.org. Internet * ?
    964 0.0 120.60.156.1 - 203.94.243.70 DNS C isc.org. Internet * ?
    969 0.1 59.180.159.121 - 203.94.243.70 DNS C isc.org. Internet * ?
    973 0.0 59.178.182.103 - 203.94.243.70 DNS C isc.org. Internet * ?
    980 0.0 59.178.169.247 - 203.94.243.70 DNS C isc.org. Internet * ?
    983 0.0 59.178.162.136 - 203.94.243.70 DNS C isc.org. Internet * ?
    993 0.3 120.59.108.86 - 203.94.243.70 DNS C isc.org. Internet * ?
    998 0.0 59.178.51.96 - 203.94.243.70 DNS C isc.org. Internet * ?
    999 0.00010 120.56.185.176 - 203.94.243.70 DNS C isc.org. Internet * ?
    1001 0.0 59.180.146.89 - 203.94.243.70 DNS C isc.org. Internet * ?
    1015 0.2 59.178.177.217 - 203.94.243.70 DNS C isc.org. Internet * ?
    1027 0.0 59.178.62.149 - 203.94.243.70 DNS C isc.org. Internet * ?
    1028 0.0 59.178.165.0 - 203.94.243.70 DNS C isc.org. Internet * ?
    1037 0.0 59.180.140.93 - 203.94.243.70 DNS C isc.org. Internet * ?
    1064 0.0 59.178.183.73 - 203.94.243.70 DNS C isc.org. Internet * ?
    1093 0.0 59.177.139.7 - 203.94.243.70 DNS C isc.org. Internet * ?
    1103 0.1 59.183.143.46 - 203.94.243.70 DNS C isc.org. Internet * ?

Thanks,
Amit

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DDOS Attack on BIND 9.8.0
Hello,

I used to get a lot of these kinds of junk queries for ripe.net and isc.org, of type ANY. I just manually blocked these source IPs in iptables. I did this for several months and there were no more junk queries afterwards.

Also, another one of my DNS servers was hacked or whatever and was used to send this kind of junk. My IP was nulled by the operator because of too-high network load.

So, I believe this is maybe a bug or something that BIND 9.8 has. I think it is better to upgrade to the latest version.

-Original Message-
From: Amit Gupta jto...@bol.net.in
Sender: bind-users-bounces+xuezxbb=gmail@lists.isc.org
Date: Fri, 21 Sep 2012 15:26:23
To: bind-users@lists.isc.org
Cc: ams...@bol.net.in
Subject: DDOS Attack on BIND 9.8.0

Re: DDOS Attack on BIND 9.8.0
Actually, I don't have a very good idea about it. It's kind of that you just cannot do anything about it. Also, you're not the server used to attack others, so there are fewer actions that can be taken. I just think you can upgrade to BIND 9, because you're at ISP level, so most of the actions I have done, you can't do.

How much bandwidth does the attack cost every day?

-Original Message-
From: Amit Gupta jto...@bol.net.in
Date: Fri, 21 Sep 2012 16:02:38
To: bind-users@lists.isc.org
Cc: ams...@bol.net.in; xuez...@gmail.com
Subject: DDOS Attack on BIND 9.8.0

Hi,

At ISP level it is not possible for us to block IPs. Do I require some patch or an upgrade to a higher BIND? Or is some OS patch for Solaris required?

Somehow I know that these queries are of ANY type and the response is choking Ethernet traffic.

Please suggest. This BIND is in our production environment.

Thanks,
Amit
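
Added example, not written by any participant in this thread: a small Python tally over snoop summary lines that reports which query name dominates the load as type ANY and how many distinct sources send it, the pattern the messages above describe. The sample capture is constructed with documentation addresses; the regex and the `summarize` name are assumptions of this example, and the `*` type marker is taken from the capture in the first message.

```python
import re
from collections import Counter

# Constructed sample in the snoop summary layout shown in the first message.
# Addresses are documentation ranges, not values from the thread.
SAMPLE = """\
  1 0.00000 198.51.100.10 -> 192.0.2.53 DNS C isc.org. Internet * ?
  2 0.00012 198.51.100.77 -> 192.0.2.53 DNS C isc.org. Internet * ?
  3 0.00020 198.51.101.5 -> 192.0.2.53 DNS C isc.org. Internet * ?
  4 0.00031 203.0.113.9 -> 192.0.2.53 DNS C www.example.com. Internet Addr ?
  5 0.00040 198.51.100.200 -> 192.0.2.53 DNS C ISC.ORG. Internet * ?
  6 0.00055 192.0.2.53 -> 203.0.113.9 DNS R www.example.com. Internet Addr 203.0.113.80
"""

# Matches query lines only ("DNS C"); responses ("DNS R") are skipped.
# "->?" also accepts the bare "-" arrow seen in the archived capture.
QUERY = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+->?\s+(?P<dst>\S+)\s+DNS C\s+"
    r"(?P<qname>\S+)\s+\S+\s+(?P<qtype>\S+)\s+\?"
)

def summarize(capture, min_share=0.5):
    """Return [(qname, any_query_count, distinct_sources)] for names whose
    ANY queries make up at least min_share of all queries in the capture."""
    total = 0
    any_hits = Counter()
    sources = {}
    for line in capture.splitlines():
        m = QUERY.search(line)
        if not m:
            continue
        total += 1
        if m["qtype"] == "*":  # type field of the ANY queries in the thread's capture
            name = m["qname"].lower()  # DNS names compare case-insensitively
            any_hits[name] += 1
            sources.setdefault(name, set()).add(m["src"])
    return [
        (name, n, len(sources[name]))
        for name, n in any_hits.most_common()
        if n / total >= min_share
    ]

if __name__ == "__main__":
    for name, count, srcs in summarize(SAMPLE):
        print(f"{name}: {count} ANY queries from {srcs} distinct sources")
```

A high ANY share for a single name spread across many sources, each sending only a few queries, is the signature to compare against the capture in the first message.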