Re: [nlug] DNS attack mitigation suggestions?

2014-02-27 Thread Wesley Duffee-Braun
Hi Dave, Have you looked into Fail2Ban? I've used it in the past to dynamically block random-and-repeating IPs. http://www.fail2ban.org/wiki/index.php/Main_Page - Wesley On Thu, Feb 27, 2014 at 12:29 PM, David R. Wilson da...@wwns.com wrote: Hi guys, I have had a problem with non

Re: [nlug] DNS attack mitigation suggestions?

2014-02-27 Thread Tilghman Lesher
On Thu, Feb 27, 2014 at 12:29 PM, David R. Wilson da...@wwns.com wrote: I have had a problem with non resolvable IP addresses hitting my DNS server (running BIND9) and eating up bandwidth. I am sure there are some instructions on how to assure the IP numbers resolve, but I apparently missed

Re: [nlug] DNS attack mitigation suggestions?

2014-02-27 Thread David R. Wilson
Thanks Guys, That is part of the problem. Charter as best I can tell refuses to block anything. The fail2ban program looks like it might work. It looks like just a ping to verify the address is legitimate and drop the packet if there is no response would be one way to do it. I will stare at

Re: [nlug] DNS attack mitigation suggestions?

2014-02-27 Thread Wesley Duffee-Braun
Hi Dave, Here is a link about someone who went through your scenario with a DNS server and DDOS https://www.debian-administration.org/article/Blocking_a_DNS_DDOS_using_the_fail2ban_package Debian, not sure what you are running, but Fail2Ban should be a similar setup. - Wesley On Thu, Feb 27,

Re: [nlug] DNS attack mitigation suggestions?

2014-02-27 Thread Steven S. Critchfield
- Original Message - Hi guys, I have had a problem with non resolvable IP addresses hitting my DNS server (running BIND9) and eating up bandwidth. I am sure there are some instructions on how to assure the IP numbers resolve, but I apparently missed the instructions. Some of those

Re: [nlug] DNS attack mitigation suggestions?

2014-02-27 Thread David R. Wilson
Thanks Wesley, That helps a bunch. In this case it is a CentOS box, but I don't think that is going to cause any problems. Dave On Thu, 2014-02-27 at 13:19 -0600, Wesley Duffee-Braun wrote: Hi Dave, Here is a link about someone who went through your scenario with a DNS server and DDOS

Re: [nlug] DNS attack mitigation suggestions?

2014-02-27 Thread Wesley Duffee-Braun
Good deal - let me know if you have any issues! On Thu, Feb 27, 2014 at 3:33 PM, David R. Wilson da...@wwns.com wrote: Thanks Wesley, That helps a bunch. In this case it is a CentOS box, but I don't think that is going to cause any problems. Dave On Thu, 2014-02-27 at 13:19 -0600,

Re: [nlug] DNS attack mitigation suggestions?

2014-02-27 Thread Bill Woody
To add to David's problems, youvebeenowned.org seems to have found an exploit. While the domain name does not resolve, the IP shows a little of their handiwork. On Thu, Feb 27, 2014 at 4:41 PM, Wesley Duffee-Braun wduf...@gmail.com wrote: Good deal - let me know if you have any issues!