Re: outgoing-traffic

2016-07-27 Thread Paul Kosinski
om] > Sent: Wednesday, July 27, 2016 10:51 AM > To: Ejaz <me...@cyberia.net.sa> > Cc: bind-users <bind-users@lists.isc.org> > Subject: Re: outgoing-traffic > > On 27 July 2016 at 08:41, Ejaz <me...@cyberia.net.sa> wrote: > > Thanks for all. > > > > But the s

Re: outgoing-traffic

2016-07-27 Thread Matus UHLAR - fantomas
On 27 July 2016 at 15:10, Matus UHLAR - fantomas wrote: however, if no responses will come from his server, it's more likely that the queries will stop. On 27.07.16 15:19, S Carr wrote: If you look at the capture there doesn't appear to be any responses being sent for the

Re: outgoing-traffic

2016-07-27 Thread S Carr
On 27 July 2016 at 15:10, Matus UHLAR - fantomas wrote: > however, if no responses will come from his server, it's more likely that > the queries will stop. If you look at the capture there doesn't appear to be any responses being sent for the ANY queries to start with, yet

RE: outgoing-traffic

2016-07-27 Thread Ejaz
e also 50 bytes not more than that?? Ejaz -Original Message- From: S Carr [mailto:sjc...@gmail.com] Sent: Wednesday, July 27, 2016 4:58 PM To: Ejaz <me...@cyberia.net.sa> Cc: bind-users <bind-users@lists.isc.org> Subject: Re: outgoing-traffic On 27 July 2016 at 14:44, Ejaz

Re: outgoing-traffic

2016-07-27 Thread Matus UHLAR - fantomas
On 27 July 2016 at 14:44, Ejaz wrote: Such as, if someone is sending ANY request, by default it should be denied when users request it. On 27.07.16 14:57, S Carr wrote: Denying the request isn't going to solve anything in this case, they are still going to

RE: outgoing-traffic

2016-07-27 Thread Ejaz
PM To: Ejaz <me...@cyberia.net.sa> Cc: 'bind-users' <bind-users@lists.isc.org> Subject: Re: outgoing-traffic Am 27.07.2016 um 15:55 schrieb Ejaz: > You mean I need to downgrade my bind to 9.11, as my current version is > "*BIND 9.9.2-P1"* in which country is 11 smal

Re: outgoing-traffic

2016-07-27 Thread S Carr
On 27 July 2016 at 14:44, Ejaz wrote: > Such as, if someone is sending ANY request, by default it should be denied > when users request it. Denying the request isn't going to solve anything in this case, they are still going to repeatedly ask for it and the

RE: outgoing-traffic

2016-07-27 Thread Ejaz
l.com>; 'bind-users' <bind-users@lists.isc.org> Subject: RE: outgoing-traffic Ejaz <me...@cyberia.net.sa> wrote: > > Such as, if someone is sending ANY request, by default it should be > denied when users requests for

RE: outgoing-traffic

2016-07-27 Thread Tony Finch
Ejaz wrote: > > Such as, if someone is sending ANY request, by default it should be > denied when users request it. BIND 9.11 will have a minimal-any option. https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any

RE: outgoing-traffic

2016-07-27 Thread Ejaz
is sending ANY request, by default it should be denied when users request it. Ejaz -Original Message- From: S Carr [mailto:sjc...@gmail.com] Sent: Wednesday, July 27, 2016 4:19 PM To: Ejaz <me...@cyberia.net.sa> Cc: bind-users <bind-users@lists.isc.org> Subject:

Re: outgoing-traffic

2016-07-27 Thread S Carr
On 27 July 2016 at 13:33, Ejaz wrote: > Thank you so much Abdul for your instant support. > > As requested, find the attached. So the 3 IPs (212.118.122.99-101) are continuously sending ANY requests for cpsc.gov. No responses I can see are going from port 0, they are coming

RE: outgoing-traffic

2016-07-27 Thread Abdul Khader
Wednesday, July 27, 2016 3:04 PM >To: Ejaz <me...@cyberia.net.sa>; 'S Carr' <sjc...@gmail.com> >Cc: bind-users@lists.isc.org >Subject: RE: outgoing-traffic > >You can use tcpdump on your DNS server to take the trace. > >Command would be like below. > >

RE: outgoing-traffic

2016-07-27 Thread Abdul Khader
sage- >From: S Carr [mailto:sjc...@gmail.com] >Sent: Wednesday, July 27, 2016 10:51 AM >To: Ejaz <me...@cyberia.net.sa> >Cc: bind-users <bind-users@lists.isc.org> >Subject: Re: outgoing-traffic > >On 27 July 2016 at 08:41, Ejaz <me...@cyberia.net.sa> wrote:

RE: outgoing-traffic

2016-07-27 Thread Ejaz
-Original Message- From: S Carr [mailto:sjc...@gmail.com] Sent: Wednesday, July 27, 2016 10:51 AM To: Ejaz <me...@cyberia.net.sa> Cc: bind-users <bind-users@lists.isc.org> Subject: Re: outgoing-traffic On 27 July 2016 at 08:41, Ejaz <me...@cyberia.net.sa> wrote

Re: outgoing-traffic

2016-07-27 Thread S Carr
On 27 July 2016 at 08:41, Ejaz wrote: > Thanks for all. > > But the strange thing is that if the request comes on 53 port then it should > go only from 53 is it?? Why goes out from 0, any clue would be highly > appreciated. > > Regards > Ejaz Where's the packet capture to

RE: outgoing-traffic

2016-07-27 Thread Ejaz
PM To: S Carr <sjc...@gmail.com> Cc: Ejaz <me...@cyberia.net.sa>; bind-users <bind-users@lists.isc.org> Subject: Re: outgoing-traffic S Carr <sjc...@gmail.com> wrote: > > You might want to check whether the requests are legitimate before > completely blocking them

Re: outgoing-traffic

2016-07-26 Thread Mark Andrews
In message , Tony Finch writes: > S Carr wrote: > > > > You might want to check whether the requests are legitimate before > > completely blocking them, rate limiting would be a better option. > > Remember this is TCP

Re: outgoing-traffic

2016-07-26 Thread Tony Finch
S Carr wrote: > > You might want to check whether the requests are legitimate before > completely blocking them, rate limiting would be a better option. Remember this is TCP traffic. RRL is designed to deal with spoofed UDP traffic. It can actually make non-spoofed floods

Re: outgoing-traffic

2016-07-26 Thread G.W. Haywood
Hi there, On Tue, 26 Jul 2016, Ejaz wrote: There is huge traffic coming out from my DNS server since yesterday and flooding the IP 212.107.121.110 ... Are you able to let us see your bind configuration? This might be IP spoofing, an attempted DOS attack on the IP. Is there any reason why

RE: outgoing-traffic

2016-07-26 Thread Ejaz
-Original Message- From: Tony Finch [mailto:d...@dotat.at] Sent: Tuesday, July 26, 2016 11:54 AM To: Ejaz <me...@cyberia.net.sa> Cc: 'Abdul Khader' <akha...@ies.etisalat.ae>; bind-users@lists.isc.org Subject: RE: outgoing-traffic Ejaz < <mailto:me...@

Re: outgoing-traffic

2016-07-26 Thread S Carr
On 26 July 2016 at 09:53, Tony Finch wrote: > Ejaz wrote: >> >> I am not using iptable firewall from my redhat Linux box, all traffic >> managed by network team.. You might want to check whether the requests are legitimate before completely blocking them,

RE: outgoing-traffic

2016-07-26 Thread Tony Finch
Ejaz wrote: > > I am not using iptable firewall from my redhat Linux box, all traffic > managed by network team.. Well then, you should co-operate with them to fix the problem. You might find that it helps to put the following in the options{} section of named.conf, but

RE: outgoing-traffic

2016-07-26 Thread Ejaz
<akha...@ies.etisalat.ae>; bind-users@lists.isc.org Subject: Re: outgoing-traffic Am 26.07.2016 um 10:30 schrieb Ejaz: > I am not using iptable firewall from my redhat Linux box, all > traffic managed by network team.. what you currently do doesn't matter - you have a problem and got a solution (wh

RE: outgoing-traffic

2016-07-26 Thread Ejaz
I am not using iptable firewall from my redhat Linux box, all traffic managed by network team.. Ejaz From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Abdul Khader Sent: Tuesday, July 26, 2016 11:21 AM To: bind-users@lists.isc.org Subject: Re: outgoing-traffic

Re: outgoing-traffic

2016-07-26 Thread Abdul Khader
You can use iptables to rate-limit the IP. On 7/26/2016 12:11 PM, Ejaz wrote: All. There is huge traffic coming out from my DNS server since yesterday and flooding the IP 212.107.121.110, though I have increased the limitation of tcp-clients in named.conf but still the issue. any help