[ale] Fwd: Under Attack, my dns servers

Horkan Smith ale at horkan.net
Mon Oct 6 15:13:58 EDT 2014


Can you share the lines where you control access (including recursion)?  In my case, they look like:

named.conf.options:
        allow-transfer { home-nets; domain-backups; };
        allow-recursion { home-nets; domain-backups; };
        allow-query { home-nets; domain-backups; };

Where home-nets and domain-backups are defined as acls.

later!
   horkan


On Mon, Oct 06, 2014 at 12:03:39PM -0400, Chuck Payne wrote:
> Guys,
> 
> I am under attack where my dns server is being used to do a ddos attack. I
> believe it's a bot net, because the ip are too random. I don't think the
> domain I am seeing in my bind log is real
> 
> fkfkfkfz.guru
> 
> 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: query: fkfkfkfz.guru IN
> ANY +E (50.192.59.225)
> 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: query (cache)
> 'fkfkfkfz.guru/ANY/IN' denied
> 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: drop REFUSED response
> to 92.222.9.0/24
> 
> I have turn on recursion, but now people can't find my domains any more.
> I have also try to limit the rate as well
> 
>   rate-limit {
>                 responses-per-second 25;
>                 window 5;
>         };
> 
> 
> I am running Debian and openSUSE.
> 
> Anything I can do to stop them and make where people can find my domains? I
> don't want to have to pay for something I can do and have control over.
> 
> -- 
> Terror PUP a.k.a
> Chuck "PUP" Payne
> 
> 678 636 9678
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- Terrorpup
> openSUSE Ambassador/openSUSE Member
> skype,twiiter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
> 
> Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
> package and distribute , or create your own linux distro. Give SUSE Studio
> a try.
> 
> 
> 
> 
> -- 
> Terror PUP a.k.a
> Chuck "PUP" Payne
> 
> 678 636 9678
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- Terrorpup
> openSUSE Ambassador/openSUSE Member
> skype,twiiter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
> 
> Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
> package and distribute , or create your own linux distro. Give SUSE Studio
> a try.

> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


-- 
Horkan Smith
678-777-3263 cell, ale at horkan.net


More information about the Ale mailing list