nanog mailing list archives
Re: Summary with further Question: Domain Name System protection
From: sthaug () nethelp no
Date: Tue, 17 Aug 2004 15:46:11 +0200
> What I'm not sure about with ACLs on the router is how the DNS server can survive a DoS/DDoS attack. We suffered a DoS attack last year, and we found that the source IPs of that attack were located in our customers' IP address blocks. An ACL on the router could only filter the traffic that is not meaningful to the DNS server, but what about the DDoS attack packets?

Your router can presumably rate limit the traffic towards the name server to a level the name server can handle. On the name server you can perform further rate limiting on an IP address basis, with, for instance, FreeBSD ipfw.

Steinar Haug, Nethelp consulting, sthaug () nethelp no
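
An added illustration, not part of the original post: a token-bucket model of the two limits the reply describes, an aggregate limit in front of the name server and a per-source-address limit on it, run over constructed traffic. The rates, bursts, addresses and function names are assumptions chosen for the example; this is not ipfw configuration.

```python
from collections import defaultdict

class TokenBucket:
    """Allow `rate` queries per second, with bursts of up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last_ms = float(burst), 0

    def allow(self, now_ms):
        # Refill for the elapsed time (capped at burst), then spend one token.
        refill = (now_ms - self.last_ms) * self.rate / 1000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def answered(events, aggregate=None, per_source=None):
    """Count answered queries per source address.

    events: (time_ms, source) pairs sorted by time. aggregate and per_source
    are (rate, burst) tuples or None. The aggregate limit stands in for the
    router, the per-source limit for the filter on the name server itself.
    """
    router = TokenBucket(*aggregate) if aggregate else None
    host = defaultdict(lambda: TokenBucket(*per_source))
    counts = defaultdict(int)
    for now_ms, src in events:
        if router and not router.allow(now_ms):
            continue  # dropped before reaching the server
        if per_source and not host[src].allow(now_ms):
            continue  # dropped by the per-address limit on the server
        counts[src] += 1
    return dict(counts)

def constructed_traffic():
    """Two seconds of made-up traffic: one source at 500 q/s, two at 5 q/s."""
    flood = [(t, "192.0.2.66") for t in range(0, 2000, 2)]
    client_a = [(t, "198.51.100.10") for t in range(101, 2000, 200)]
    client_b = [(t, "198.51.100.20") for t in range(151, 2000, 200)]
    return sorted(flood + client_a + client_b)

if __name__ == "__main__":
    events = constructed_traffic()
    print("aggregate only :", answered(events, aggregate=(125, 100)))
    print("per source only:", answered(events, per_source=(20, 20)))
```

In this constructed run the aggregate limit alone keeps the total within its budget but passes only one query from each low-rate client, while the per-source limit answers all of theirs and holds the high-rate source near its configured rate.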