nanog mailing list archives

Re: DNS dDos Attack!


From: Dan Armstrong <dan () beanfield com>
Date: Fri, 28 Mar 2003 09:28:48 -0500


Sorry, I lied.  We are running 8.34Release

What I cannot figure out is why *our* name server is sending out ICMP
unreachables.  The incoming dns queries are coming from random
destinations....

I have blocked icmp 3 incoming from that DMZ so as not to overwhelm the CEF in
any other routers, but whoever is doing this has this name server at its
knees.

Dan.


Eric Whitehill wrote:

Dan:

Can you update your version of BIND and install some acls?

-Eric

On Fri, 28 Mar 2003, Dan Armstrong wrote:

Date: Fri, 28 Mar 2003 09:20:20 -0500
From: Dan Armstrong <dan () beanfield com>
To: nanog () merit edu
Subject: DNS dDos Attack!


I am sorry if this has come up before, but it seems that one of our name
servers is under some sort of dDos attack.  It seems to be receiving
millions of queries from spoofed IPs, and it is spending all of its
time sending back icmp unreachables.

It is running bind 4.31 under BSD 4.62STABLE

Help!

Thanks,
Dan.



