Good day,
I have a problem in protecting one of our DNS servers (Debian, bind9).
One of our DNS servers is attacked with cache queries. Our servers are
protected the best way I can, but this type of request is coming from
everywhere and I cannot find an effective way of stopping these queries.
On 7/8/2014 5:30 AM, Ruud Baart wrote:
4.5.5.3
But an upgrade is no problem
Tom Eastep wrote on 8-7-2014 16:55:
On 7/8/2014 5:30 AM, Ruud Baart wrote:
On 7/8/2014 8:10 AM, Ruud Baart wrote:
The queries contain all different domain names, no pattern. As far as I
can see the only common ground is the recursion desired flag in the UDP
DNS query request (in Wireshark: ...1 = Recursion desired: Do
query recursively). As far as I know normal clients don't set the
recursion flag
On 7/8/2014 8:53 AM, Ruud Baart wrote:
I have seen it and I already tried it based on your previous mail. I
updated shorewall to the latest version and added the rule:
IPTABLES(DROP) wan1 $FW udp 53 ; -m string --hex-string "|FF0001|" --algo bm
It doesn't work the way I hoped: iptables -nvL shows 0 packets. After
your a
Hi,
Shorewall on a new installation isn't compiling and reports this error:
ERROR: Invalid BROADCAST address /etc/shorewall/interfaces (line 2)
I've read that until version 4.2.x there was a bug that could lead to this
error, but I'm using 4.4.26.1-1. And in any case, I haven't got a BROADCAST
c
Sounds like you have a FORMAT 1 configuration file. If you want to
continue using FORMAT 1, you will have to place a '-' in the BROADCAST
column to get the compiler to skip it and move on to the options.
You can also switch to FORMAT 2.
You can have a look at shorewall-interfaces(5) for details.
On 7/8/2014 9:45 AM, Ruud Baart wrote:
Switching to FORMAT 2 did the trick.
Thanks so much.
By the way, I'm actually using Shorewall version 4.5.21 - I'm not sure
where I got "4.4.26" from. :(
On Tue, Jul 8, 2014 at 1:27 PM, Roberto C. Sánchez wrote:
On 7/8/2014 10:08 AM, Db Clinton wrote:
I think I found part of the solution.
In /etc/shorewall/rules:
IPTABLES(DROP) wan1 $FW udp 53 ; -m string --algo bm --hex-string "|0101|"
does not work. But
iptables -I INPUT 1 -p udp --dport 53 -m string --algo bm --hex-string "|0101|" -j DROP
works.
I assume the place of the
On 7/8/2014 2:19 PM, Ruud Baart wrote:
Perhaps, I have used your DNS DDOS rule which is documented on the
shorewall website
DNS_DDoS wan1 $FW udp domain
Tom Eastep wrote on 8-7-2014 23:33:
I think it works.
In /etc/shorewall/params I defined all trusted networks. In
/etc/shorewall/rules
?SECTION NEW
IPTABLES(DROP) wan1:!$TRUSTEDHOSTS $FW udp 53 ; -m string --algo bm --hex-string "|0101|"
dropNotSyn wan1 $FW
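Added example (mine, not from any message in this thread): a Python check of the DNS header field that the iptables/Shorewall rules in this thread are aimed at. It reads the RD bit from the flags word at bytes 2-3 of the fixed header, applies the trusted-source exception of the final rule, and contrasts that with the plain substring test that `-m string --hex-string` performs, which matches the same two bytes at any offset in the packet (in the transaction ID, for instance). The networks in `TRUSTED_HOSTS` are constructed placeholders for `$TRUSTEDHOSTS`.

```python
import ipaddress
import struct

# Constructed sample networks standing in for the thread's $TRUSTEDHOSTS.
TRUSTED_HOSTS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def build_query(qname, rd, txid=0x1234):
    """Build a minimal DNS query (constructed test input: one A/IN question)."""
    flags = 0x0100 if rd else 0x0000  # QR=0, OPCODE=0; RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # id, flags, qd, an, ns, ar
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def recursion_desired(packet):
    """Read the RD bit from the 12-byte DNS header (flags are bytes 2-3)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    (flags,) = struct.unpack("!H", packet[2:4])
    return bool(flags & 0x0100)


def string_match(packet, pattern):
    """The test iptables -m string performs: the pattern at any offset counts."""
    return pattern in packet


def should_drop(src_ip, packet):
    """Policy of the final rule: drop RD queries unless the source is trusted."""
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in TRUSTED_HOSTS):
        return False
    return recursion_desired(packet)


if __name__ == "__main__":
    attacker = build_query("example.com", rd=True)
    print("untrusted RD query dropped:", should_drop("203.0.113.7", attacker))
    print("trusted RD query kept:", not should_drop("192.0.2.10", attacker))
    # Transaction ID 0x0101 with RD clear: substring match fires, header check does not.
    odd = build_query("example.com", rd=False, txid=0x0101)
    print("|0101| substring hit:", string_match(odd, b"\x01\x01"),
          "RD set:", recursion_desired(odd))
```

The header check and the allowlist give the same decision as the Shorewall rule for the trusted case, and the last two prints show why a flags match is better anchored to the header offset than to an arbitrary byte pattern.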