Re: [CentOS] BIND server getting DDOS

2022-08-04 Thread Mark Milhollan

On Wed, 3 Aug 2022, Gordon Messmer wrote:

> On 8/3/22 11:08, Mark Milhollan wrote:
>
>> Usually that's someone hoping to use you in a reflection attack
>
> Doesn't a reflection attack require the reflecting server to answer queries?
> I'd think that the server logging that the query was denied would indicate
> that it is not vulnerable to that type of abuse.


The server did send a DNS response packet to the apparent sources, just 
not as large as an attacker usually hopes for -- a referral is 800+ 
bytes vs REFUSED which is about 30.  So a successful reflection but not 
quite the level of attack desired.


The source addresses might be correct but in that case the systems are 
misconfigured since they want to resolve the root to an IP address, 
perhaps due to a recent update.



/mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] BIND server getting DDOS

2022-08-04 Thread Mike Burger

On 2022-08-03 23:20, Gordon Messmer wrote:

> On 8/3/22 11:08, Mark Milhollan wrote:
>
>> Usually that's someone hoping to use you in a reflection attack
>
> Doesn't a reflection attack require the reflecting server to answer
> queries?  I'd think that the server logging that the query was denied
> would indicate that it is not vulnerable to that type of abuse.


While this is true, denial of those queries doesn't prevent that server 
from potentially being flooded with those queries.

--
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever 
just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
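
Added example, not part of the thread and not the posters' code: a Python tally of denied queries per apparent source from named's log, with the reply traffic estimated from the sizes quoted in the thread (about 30 bytes for REFUSED, 800+ for a referral). The log line shape, the sample lines, the threshold and every name below are assumptions or constructed for illustration.

```python
import re
from collections import Counter

# Assumed shape of named's denied-query message; the thread quotes no log lines.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9A-Fa-f.:]+)#\d+ \([^)]*\): "
    r"query(?: \(cache\))? '(?P<question>[^']+)' denied"
)

REFUSED_BYTES = 30    # "about 30" in the thread
REFERRAL_BYTES = 800  # "800+" in the thread

# Constructed sample lines (documentation address ranges, made-up host and PID).
SAMPLE_LOG = """\
Aug  3 11:02:14 ns1 named[1187]: client @0x7f3a4c0b2c10 198.51.100.23#41822 (.): query (cache) './A/IN' denied
Aug  3 11:02:14 ns1 named[1187]: client @0x7f3a4c0b2c10 198.51.100.23#41823 (.): query (cache) './A/IN' denied
Aug  3 11:02:15 ns1 named[1187]: client @0x7f3a4c0b2c10 192.0.2.50#5353 (example.com): query: example.com IN A + (192.0.2.1)
Aug  3 11:02:15 ns1 named[1187]: client @0x7f3a4c0b2c10 198.51.100.23#41824 (.): query (cache) './A/IN' denied
Aug  3 11:02:16 ns1 named[1187]: client @0x7f3a4c0b2c10 203.0.113.9#60211 (.): query (cache) './ANY/IN' denied
Aug  3 11:02:16 ns1 named[1187]: client @0x7f3a4c0b2c10 198.51.100.23#41825 (.): query (cache) './A/IN' denied
"""


def summarize(log_text, threshold=3):
    """Tally denied queries per apparent source and estimate reply traffic."""
    per_source, per_question = Counter(), Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            per_source[m["src"]] += 1
            per_question[m["question"]] += 1
    denied = sum(per_source.values())
    return {
        "denied": denied,
        # Sources at or above the threshold; if spoofed, these are the targets.
        "noisy_sources": sorted(s for s, n in per_source.items() if n >= threshold),
        "top_question": per_question.most_common(1)[0][0] if per_question else None,
        "bytes_sent_as_refused": denied * REFUSED_BYTES,
        "bytes_if_referral": denied * REFERRAL_BYTES,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```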
