DNS - connection limit (without any extra hardware)
Douglas Otis
dotis at mail-abuse.org
Fri Dec 8 23:57:24 UTC 2006
On Dec 8, 2006, at 6:40 AM, Luke wrote:
> Hi,
> as a consequence of a virus spread in my customer base, I often
> receive big bursts of traffic on my DNS servers. Unluckily, a lot of
> clients start to bomb my DNSs at a certain hour, so I have a
> distributed denial of service attempt. I can't blacklist them
> on my DNSs, because the infected clients are too many.
>
> For this reason, I would like a DNS to respond to a maximum of
> 10 queries per second from every single IP address. Does anybody
> know a solution, just using iptables/netfilter/kernel tuning/BIND
> tuning, without using any hardware traffic shaper?
One effective strategy is to make 0wning your customer's system less
profitable. Here is a good article by Suresh Ramasubramanian:
http://www.circleid.com/posts/port_25_blocking_or_fix_smtp_and_leave_port_25_alone_for_the_sake_of_spam/
Some have been successful with notification tools such as those
offered by:
http://www.perftech.com/
Customers are directed to a free scrub that does not depend upon OS
validation status, such as Housecall.
-Doug
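The per-source cap Luke asks for can be expressed with netfilter's hashlimit match, which keeps a small token bucket per source address in the kernel. This is an added example, not code from the thread; it assumes a Linux resolver with the xt_hashlimit module, and the chain name, limits and burst values are constructed (on 2006-era iptables the `--hashlimit-upto` option was spelled `--hashlimit`).

```shell
#!/bin/sh
# Per-source-IP rate limit for DNS queries using iptables' hashlimit match.
# Added example, not from the thread. Assumes Linux netfilter with xt_hashlimit;
# the chain name DNS_RATELIMIT and the numbers below are constructed defaults.
set -eu

LIMIT="${LIMIT:-10/sec}"        # sustained queries per second per source IP
BURST="${BURST:-20}"            # extra queries tolerated in a short burst
EXPIRE_MS="${EXPIRE_MS:-60000}" # forget idle per-IP buckets after 60 s
IPTABLES="${IPTABLES:-iptables}"

# Emit the rules rather than applying them, so they can be reviewed first.
# Sources under LIMIT (+BURST) RETURN to INPUT and are handled normally;
# anything above the ceiling is logged (rate-limited) and dropped.
dns_ratelimit_rules() {
    cat <<EOF
$IPTABLES -N DNS_RATELIMIT
$IPTABLES -A DNS_RATELIMIT -m hashlimit --hashlimit-name dnsq --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-upto $LIMIT --hashlimit-burst $BURST --hashlimit-htable-expire $EXPIRE_MS -j RETURN
$IPTABLES -A DNS_RATELIMIT -m limit --limit 5/min -j LOG --log-prefix "DNS-RATELIMIT: "
$IPTABLES -A DNS_RATELIMIT -j DROP
$IPTABLES -I INPUT -p udp --dport 53 -j DNS_RATELIMIT
$IPTABLES -I INPUT -p tcp --dport 53 --syn -j DNS_RATELIMIT
EOF
}

# Number of rules the generator emits; handy for a sanity check before applying.
dns_ratelimit_rule_count() {
    dns_ratelimit_rules | wc -l | tr -d ' '
}

# Apply the generated rules; call this only as root on the resolver itself.
apply_dns_ratelimit() {
    dns_ratelimit_rules | while IFS= read -r rule; do
        eval "$rule"
    done
}
```

Because UDP source addresses can be forged, a per-source drop can be pointed at a legitimate forwarder by spoofing its address, so keep the burst generous and watch the LOG lines to see which sources actually hit the ceiling.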