On Mon, Jul 23, 2012 at 04:49:24PM +0200,
Stephane Bortzmeyer bortzme...@nic.fr wrote
a message of 15 lines which said:
Buggy. It parses the DNS packet from the end and therefore fails
with EDNS packets (which have the OPT resource record at the end).
After checking, I stand corrected. This
Actually we detected these ripe.net ANY requests by observing an
increase in TCP DNS requests due to large DNSSEC responses. IP address
does not seem spoofed. It seems these (very few) clients wait 10 sec
before closing their TCP connection, which increases the platform load.
We think it is a
In message 500ed56f.1080...@gmail.com, Daniel Migault writes:
Actually we detected these ripe.net ANY requests by observing an
increase in TCP DNS requests due to large DNSSEC responses. IP address
does not seem spoofed. It seems these (very few) clients wait 10 sec
before closing their TCP
Hi all,
I am a new subscriber of your list.
I browsed the archive but didn't find an answer/hint for my problem.
I am running (on FreeBSD 9.1-PRERELEASE) a public caching DNS server.
For about 2 months I've been receiving a lot of (DNS flood attack?)
queries like:
23-Jul-2012 14:03:28.813 queries:
On 23/07/12 13:07, Marek Salwerowicz wrote:
Hi all,
I am a new subscriber of your list.
I browsed the archive but didn't find an answer/hint for my problem.
I am running (on FreeBSD 9.1-PRERELEASE) a public caching DNS server.
For about 2 months I've been receiving a lot of (DNS flood attack?)
On Mon, Jul 23, 2012 at 02:07:51PM +0200,
Marek Salwerowicz marek_...@wp.pl wrote
a message of 30 lines which said:
What I have done now is just to parse logs and block IPs that ask for
ripe.net via ipfw.
As mentioned by Phil Mayers, the source IP address is forged. By
blocking this IP, you
On 2012-07-23 14:33, Stephane Bortzmeyer wrote:
But are there any other solutions for these permanent attacks?
The operators of F-root use this on their FreeBSD machines to
rate-limit per source IP:
add pipe 1 udp from any to any 53 in
pipe 1 config mask src-ip
On Mon, Jul 23, 2012 at 03:09:35PM +0200,
Marek Salwerowicz marek_...@wp.pl wrote
a message of 18 lines which said:
BTW - is this attack any new kind of virus/spyware or something?
Not every security problem on the Internet is a virus. And I do not
see why a spyware would like to DoS people.
On 23.7.2012 15:09, Marek Salwerowicz wrote:
BTW - is this attack any new kind of virus/spyware or something?
Actually, I think these queries to ripe.net ANY with EDNS0 are caused by
some common malware. My servers are receiving these from time to time
and complaining to a person responsible for
On Mon, Jul 23, 2012 at 04:42:11PM +0200,
Ondřej Caletka ondrej.cale...@cesnet.cz wrote
a message of 159 lines which said:
I use this iptables matcher to identify incoming query type:
https://github.com/oskar456/xt_dns
Buggy. It parses the DNS packet from the end and therefore fails with
On Mon, 23 Jul 2012, Stephane Bortzmeyer wrote:
The operators of F-root use this on their FreeBSD machines to
rate-limit per source IP:
add pipe 1 udp from any to any 53 in
pipe 1 config mask src-ip 0x buckets 1024 bw 400Kbit/s queue 3
add pipe 2 tcp