nanog mailing list archives
Re: Tightened DNS security question re: DNS amplification attacks.
From: Steve Pirk <orion () pirk com>
Date: Tue, 27 Jan 2009 17:49:05 -0800 (PST)
On Wed, 28 Jan 2009, jay () miscreant org wrote:
> Quoting John Martinez <jmartinez () zero11 com>:
>> Are we still seeing DNS DDoS attack?
> Yep. I'm seeing ~2 queries/sec targeting 64.57.246.146. Also seeing requests from 76.9.16.171 every 1 minute 2 seconds.
I run a small personal nameserver and even I am seeing requests for that address 64.57.246.146 at ~1/sec.
How many people have upgraded to the latest version of Bind 9? Reason I ask is that when I do my nightly port scan of my server, I no longer see named listening to udp on a random high order port (for replies I believe?). Almost the next day, I started hearing about/seeing these DNS attacks.
Previous nmap scan showed:
53/tcp open domain
53/udp open|filtered domain
33591/udp open|filtered unknown

Now nmap shows:
53/tcp open domain
53/udp open|filtered domain

The listen port (> 32767 I believe) is no longer there with BIND 9.4.3-P1. The port was bound at startup time and did not change as long as named was still running.
--
Steve
Equal bytes for women.
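The nightly scan comparison described in the message above, as an added example that is not part of the original post: it parses two nmap port listings and reports listeners that disappeared, appeared, or changed state. The function names are hypothetical, and the sample input is the two listings quoted in the message.

```python
import re

# A port line in nmap's normal output, e.g. "53/udp open|filtered domain".
PORT_LINE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_ports(scan_text):
    """Return {(port, proto): (state, service)} for every port line found."""
    ports = {}
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service = m.groups()
            ports[(int(port), proto)] = (state, service)
    return ports


def diff_scans(previous, current):
    """Compare two scans and return (closed, opened, changed) as sorted lists."""
    prev, cur = parse_ports(previous), parse_ports(current)
    closed = sorted(k for k in prev if k not in cur)
    opened = sorted(k for k in cur if k not in prev)
    changed = sorted(k for k in prev if k in cur and prev[k] != cur[k])
    return closed, opened, changed


# The two listings quoted in the message (before and after the BIND upgrade).
PREVIOUS = """\
53/tcp open domain
53/udp open|filtered domain
33591/udp open|filtered unknown
"""
CURRENT = """\
53/tcp open domain
53/udp open|filtered domain
"""

if __name__ == "__main__":
    closed, opened, changed = diff_scans(PREVIOUS, CURRENT)
    for port, proto in closed:
        print(f"no longer listening: {port}/{proto}")
    for port, proto in opened:
        print(f"new listener: {port}/{proto}")
    for port, proto in changed:
        print(f"state or service changed: {port}/{proto}")
```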