North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DNS dDos Attack!
Sorry, I lied. We are running 8.34Release What I cannot figure out is why *our* name server is sending out ICMP unreachables. The incoming dns queries are coming from random destinations.... I have blocked icmp 3 incoming from that DMZ as not to overwhelm the CEF in any other routers, but whoever is doing this has this name server at it's knees. Dan. Eric Whitehill wrote: > Dan: > > Can you updated your version of BIND and install some acls? > > -Eric > > On Fri, 28 Mar 2003, Dan Armstrong wrote: > > > Date: Fri, 28 Mar 2003 09:20:20 -0500 > > From: Dan Armstrong <email@example.com> > > To: firstname.lastname@example.org > > Subject: DNS dDos Attack! > > > > > > I am sorry if this has come up before, but it seems that one of our name > > > > servers is under some sort of dDos attack. It seems to be receiving > > millions of queries form spoofed IPs, and it is spending all of it's > > time sending back icmp unreachables. > > > > It is running bind 4.31 under BSD 4.62STABLE > > > > Help! > > > > Thanks, > > Dan. > > > >