LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-04-2013, 01:51 PM   #16
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582

Quote:
Originally Posted by cliffordw View Post
If it is the name server for a LAN, then it is the first stop for all queries, and needs to respond to legitimate requests for the isc.org domain (either with the root servers if recursion is off, or with the final answer if recursion is on). In such a case the iptables rules should probably be refined to block only requests from the outside, while still allowing them from inside (by physical interface or IP range).
If it is the name server for a LAN then it shouldn't be listening on any public interfaces in the first place ;-p Besides that, and this is more a basic thing, common QTYPES are A, MX or quad A. Apart from a certain stubborn MTA the "wildcard" or ANY QTYPE isn't that commonly seen percentage-wise.
 
Old 04-04-2013, 01:56 PM   #17
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by sundialsvcs View Post
My understanding of this attack was that the Internet was simply being flooded with these requests, which of all rights should only originate from "upstream" DNS servers, but actually coming from everywhere ... on the assumption that any server would respond to them anyway if received, and thereby contribute to the chaos.
No, any client may ask for it. The problem is there are too many name servers that answer requests they really shouldn't and the response is asymmetric, way larger than the request.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Long time user, first time poster to LinuxQuestions.org nevek LinuxQuestions.org Member Intro 1 07-21-2008 10:18 AM
isc.sans.org -- Brute-force SSH Attacks on the Rise unixfool Linux - Security 3 05-17-2008 09:43 PM
Cyber Security Awareness Month at isc.sans.org unixfool Linux - Security 2 11-02-2007 08:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration