om]
> Sent: Wednesday, July 27, 2016 10:51 AM
> To: Ejaz <me...@cyberia.net.sa>
> Cc: bind-users <bind-users@lists.isc.org>
> Subject: Re: outgoing-traffic
>
> On 27 July 2016 at 08:41, Ejaz <me...@cyberia.net.sa> wrote:
> > Thanks for all.
> >
> > But the s
On 27 July 2016 at 15:10, Matus UHLAR - fantomas wrote:
however, if no responses will come from his server, it's more likely that
the queries will stop.
On 27.07.16 15:19, S Carr wrote:
If you look at the capture there doesn't appear to be any responses
being sent for the
On 27 July 2016 at 15:10, Matus UHLAR - fantomas wrote:
> however, if no responses will come from his server, it's more likely that
> the queries will stop.
If you look at the capture there doesn't appear to be any responses
being sent for the ANY queries to start with, yet
e also 50 bytes not more than that??
Ejaz
-Original Message-
From: S Carr [mailto:sjc...@gmail.com]
Sent: Wednesday, July 27, 2016 4:58 PM
To: Ejaz <me...@cyberia.net.sa>
Cc: bind-users <bind-users@lists.isc.org>
Subject: Re: outgoing-traffic
On 27 July 2016 at 14:44, Ejaz
On 27 July 2016 at 14:44, Ejaz wrote:
Such as, if someone is sending ANY request , by default it should be denied
when users requests for it..
On 27.07.16 14:57, S Carr wrote:
Denying the request isn't going to solve anything in this case, they
are still going to
PM
To: Ejaz <me...@cyberia.net.sa>
Cc: 'bind-users' <bind-users@lists.isc.org>
Subject: Re: outgoing-traffic
Am 27.07.2016 um 15:55 schrieb Ejaz:
> You mean I need to downgrade my bind to 9.11, as my current version is
> "*BIND 9.9.2-P1"*
in which country is 11 smal
On 27 July 2016 at 14:44, Ejaz wrote:
> Such as, if someone is sending ANY request , by default it should be denied
> when users requests for it..
Denying the request isn't going to solve anything in this case, they
are still going to repeatedly ask for it and the
l.com>; 'bind-users' <bind-users@lists.isc.org>
Subject: RE: outgoing-traffic
Ejaz < <mailto:me...@cyberia.net.sa> me...@cyberia.net.sa> wrote:
>
> Such as, if someone is sending ANY request , by default it should be
> denied when users requests for
Ejaz wrote:
>
> Such as, if someone is sending ANY request , by default it should be
> denied when users requests for it..
BIND 9.11 will have a minimal-any option.
https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any
is sending ANY request , by default it should be denied
when users requests for it..
Ejaz
-Original Message-
From: S Carr [mailto:sjc...@gmail.com]
Sent: Wednesday, July 27, 2016 4:19 PM
To: Ejaz <me...@cyberia.net.sa>
Cc: bind-users <bind-users@lists.isc.org>
Subject:
On 27 July 2016 at 13:33, Ejaz wrote:
> Thank you so much Abdul for you instant support.
>
> As requested, Find the attached.
So the 3 IPs (212.118.122.99-101) are continuously sending ANY
requests for cpsc.gov
No responses I can see are going from port 0, they are coming
Wednesday, July 27, 2016 3:04 PM
>To: Ejaz <me...@cyberia.net.sa>; 'S Carr' <sjc...@gmail.com>
>Cc: bind-users@lists.isc.org
>Subject: RE: outgoing-traffic
>
>You can use tcpdump on your DNS server to take the trace.
>
>Command would be like below.
>
>
sage-
>From: S Carr [mailto:sjc...@gmail.com]
>Sent: Wednesday, July 27, 2016 10:51 AM
>To: Ejaz <me...@cyberia.net.sa>
>Cc: bind-users <bind-users@lists.isc.org>
>Subject: Re: outgoing-traffic
>
>On 27 July 2016 at 08:41, Ejaz <me...@cyberia.net.sa> wrote:
-Original Message-
From: S Carr [mailto:sjc...@gmail.com]
Sent: Wednesday, July 27, 2016 10:51 AM
To: Ejaz <me...@cyberia.net.sa>
Cc: bind-users <bind-users@lists.isc.org>
Subject: Re: outgoing-traffic
On 27 July 2016 at 08:41, Ejaz <me...@cyberia.net.sa> wrote
On 27 July 2016 at 08:41, Ejaz wrote:
> Thanks for all.
>
> But the strange thing is that if the request comes on 53 port then it should
> go only from 53 is it?? Why goes out from 0, any clue would be highly
> appreciate.
>
> Regards
> Ejaz
Where's the packet capture to
PM
To: S Carr <sjc...@gmail.com>
Cc: Ejaz <me...@cyberia.net.sa>; bind-users <bind-users@lists.isc.org>
Subject: Re: outgoing-traffic
S Carr <sjc...@gmail.com> wrote:
>
> You might want to check whether the requests are legitimate before
> completely blocking them
In message , Tony Finch
writes:
> S Carr wrote:
> >
> > You might want to check whether the requests are legitimate before
> > completely blocking them, rate limiting would be a better option.
>
> Remember this is TCP
S Carr wrote:
>
> You might want to check whether the requests are legitimate before
> completely blocking them, rate limiting would be a better option.
Remember this is TCP traffic.
RRL is designed to deal with spoofed UDP traffic. It can actually make
non-spoofed floods
Hi there,
On Tue, 26 Jul 2016, Ejaz wrote:
There is huge traffic coming out from my DNS server since yesterday and
flooding the IP 212.107.121.110 ...
Are you able to let us see your bind configuration?
This might be IP spoofing, an attempted a DOS attack on the IP.
Is there any reason why
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Tuesday, July 26, 2016 11:54 AM
To: Ejaz <me...@cyberia.net.sa>
Cc: 'Abdul Khader' <akha...@ies.etisalat.ae>; bind-users@lists.isc.org
Subject: RE: outgoing-traffic
Ejaz < <mailto:me...@
On 26 July 2016 at 09:53, Tony Finch wrote:
> Ejaz wrote:
>>
>> I am not using iptable firewall from my redhat Linux box, all traffic
>> manged by network team..
You might want to check whether the requests are legitimate before
completely blocking them,
Ejaz wrote:
>
> I am not using iptable firewall from my redhat Linux box, all traffic
> manged by network team..
Well then, you should co-operate with them to fix the problem.
You might find that it helps to put the following in the options{} section
of named.conf, but
<akha...@ies.etisalat.ae>;
bind-users@lists.isc.org
Subject: Re: outgoing-traffic
Am 26.07.2016 um 10:30 schrieb Ejaz:
> I am not using iptable firewall from my redhat Linux box, all
> traffic manged by network team..
what you currently do don't matter- you have a problem and got a solution
(wh
I am not using iptable firewall from my redhat Linux box, all traffic
manged by network team..
Ejaz
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
Abdul Khader
Sent: Tuesday, July 26, 2016 11:21 AM
To: bind-users@lists.isc.org
Subject: Re: outgoing-traffic
You can use iptables to rate-limit the IP.
On 7/26/2016 12:11 PM, Ejaz wrote:
All.
There is huge traffic coming out from my DNS server since yesterday
and flooding the IP 212.107.121.110, though I have increased the
limitation of tcp-clients in named.conf but still the issue. any help
25 matches
Mail list logo