[RndTbl] DNS Amplification DoS

Sean Walberg sean at ertw.com
Mon Sep 17 16:14:10 CDT 2012


On Mon, Sep 17, 2012 at 3:55 PM, Gilbert E. Detillieux <gedetil at cs.umanitoba.ca> wrote:

>
> Sean, do you have a working iptables example that you've used?  I've used
> the "recent" module on services like SSH, POP, and IMAP, but not for DNS.


No, I've always avoided the problem by using someone else's servers or
ACL'ing things to my network.

-m recent is how I'd start, too. Just log the violations instead of
dropping them to start.

Depending on what the impact would be to your network, policing/shaping
your DNS traffic to an arbitrary limit might also work. Could be done with
iptables, the Linux shaper, or an upstream router.

Sean

-- 
Sean Walberg <sean at ertw.com>    http://ertw.com/
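An added example, my own and not code from Sean or anyone else in the thread: a small POSIX shell script that emits the iptables rules for the "-m recent" approach described above, in a log-only mode for the initial observation period and a drop mode for once the thresholds are trusted. The chain name DNS_RATE, the recent-list name dnsq, the 10-second window and the 20-query threshold are assumed values chosen for illustration, not numbers from the message.

```shell
#!/bin/sh
# Added example, not code from the original thread: per-source rate limiting of
# inbound UDP/53 with the iptables "recent" module, starting in a log-only mode
# and switching to drop once the thresholds look right.
# Assumed for illustration: chain DNS_RATE, recent list dnsq, a 10-second
# window and 20 queries per source inside it.

IPT=${IPT:-iptables}   # set IPT=ip6tables for the v6 copy of the rules
WINDOW=${WINDOW:-10}   # seconds the recent module looks back per source
HITS=${HITS:-20}       # queries from one source inside WINDOW before action

# xt_recent historically capped --hitcount at its ip_pkt_list_tot parameter
# (20 unless the module is loaded with a larger value), so warn before
# generating a rule the kernel may refuse. Returns 1 when HITS exceeds the cap.
check_hitcount() {
    cap=${1:-20}
    if [ "$HITS" -gt "$cap" ]; then
        echo "HITS=$HITS exceeds xt_recent ip_pkt_list_tot=$cap; load the module with ip_pkt_list_tot=$HITS" >&2
        return 1
    fi
}

# Emit the rules for MODE (log|drop), one iptables command per line.
# Emitting rather than applying keeps the logic reviewable and testable without root.
# LOG is non-terminating, so in log mode the query is still answered; the
# "-m limit" in front of it keeps a query flood from becoming a log flood.
dns_ratelimit_rules() {
    case "$1" in
        log)  action='-m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "DNS-RATE: " --log-level 4' ;;
        drop) action='-j DROP' ;;
        *)    echo "usage: dns_ratelimit_rules log|drop" >&2; return 2 ;;
    esac
    # --set records this packet first, so --update --hitcount fires on the
    # HITS-th query from a source within WINDOW seconds, counting the current one.
    printf '%s\n' \
        "$IPT -N DNS_RATE 2>/dev/null || $IPT -F DNS_RATE" \
        "$IPT -C INPUT -p udp --dport 53 -j DNS_RATE 2>/dev/null || $IPT -A INPUT -p udp --dport 53 -j DNS_RATE" \
        "$IPT -A DNS_RATE -m recent --name dnsq --set" \
        "$IPT -A DNS_RATE -m recent --name dnsq --update --seconds $WINDOW --hitcount $HITS $action"
}

# Apply MODE's rules, or only print them when DRY_RUN is set.
apply_dns_ratelimit() {
    check_hitcount || return 1
    dns_ratelimit_rules "$1" | while IFS= read -r cmd; do
        if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$cmd"; else eval "$cmd"; fi
    done
}

case "${1:-}" in
    log|drop) apply_dns_ratelimit "$1" ;;
esac
```

Run it as `DRY_RUN=1 sh dns-rate.sh log` to review the rules before applying them as root, and watch /proc/net/xt_recent/dnsq to see which sources are being tracked. Keep in mind that in a reflection attack the "source" of the queries is the spoofed victim, so this throttles traffic that appears to come from the victim: that limits what gets reflected at them, but it also throttles any legitimate queries from that address, which is exactly why the log-only period matters.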