leigh.porter at ukbroadband.com
Wed Jan 18 08:18:32 CST 2012
Yeah like I say, it wasn't my idea to put DNS behind firewalls. As long as it is not *my* firewalls I really don't care what they do ;-)
> -----Original Message-----
> From: Dennis [mailto:dennis at justipit.com]
> Sent: 18 January 2012 12:55
> To: Leigh Porter; toor
> Cc: nanog at nanog.org
> Subject: Re: DNS Attacks
> I agree with Roland on the firewall placement. I add that the attack
> would have likely succeeded to exhaust the servers. There is a lot of
> recent DDoS activity on DNS with what looks like legitimate queries.
> You should also look at some DoS/application-level protections;
> Radware and Arbor top the list.
> Leigh Porter <leigh.porter at ukbroadband.com> wrote:
> >On 18 Jan 2012, at 05:06, "toor" <lists at 1337.mx> wrote:
> >> Hi list,
> >> I am wondering if anyone else has seen a large amount of DNS queries
> >> coming from various IP ranges in China. I have been trying to find a
> >> pattern in the attacks but so far I have come up blank. I am
> >> guessing these are possibly DNS amplification attacks but I am not
> >> sure. Usually what I see is this:
> >At various seemingly random times over the past week I have had a DNS
> >which is behind a firewall come under attack. The firewall is
> >significant because the attacks killed the firewall as it is rather
> >underspecified (not my idea..).
> >It did originate from Chinese address space and consisted of DNS
> >queries for lots of hosts. There was also a port-scan in the traffic
> >and a SYN attack on a few hosts on the same small subnet as the DNS, a
> >web server and an open SSH port.
> >Leigh Porter
> >This email has been scanned by the Symantec Email Security.cloud
> >For more information please visit http://www.symanteccloud.com