DNS dDos Attack!

Dan Armstrong dan at beanfield.com
Fri Mar 28 14:28:48 UTC 2003


Sorry, I lied.  We are running 8.34Release

What I cannot figure out is why *our* name server is sending out ICMP
unreachables.  The incoming dns queries are coming from random
destinations....

I have blocked icmp 3 incoming from that DMZ so as not to overwhelm the CEF in
any other routers, but whoever is doing this has this name server at its
knees.

Dan.


Eric Whitehill wrote:

> Dan:
>
> Can you update your version of BIND and install some acls?
>
> -Eric
>
> On Fri, 28 Mar 2003, Dan Armstrong wrote:
>
> > Date: Fri, 28 Mar 2003 09:20:20 -0500
> > From: Dan Armstrong <dan at beanfield.com>
> > To: nanog at merit.edu
> > Subject: DNS dDos Attack!
> >
> >
> > I am sorry if this has come up before, but it seems that one of our name
> > servers is under some sort of dDos attack.  It seems to be receiving
> > millions of queries from spoofed IPs, and it is spending all of its
> > time sending back icmp unreachables.
> >
> > It is running bind 4.31 under BSD 4.62STABLE
> >
> > Help!
> >
> > Thanks,
> > Dan.
> >
> >



