In my opinion the issue is not caused by a poorly configured DNS server,
but by poorly configured networks that allow spoofed traffic to
leave their routers...

I'm sure anyone who is used to getting DDoSed already knows which ISPs
allow spoofing...
If those networks were shut down there would be no need to protect any
kind of UDP service (there are people doing SYN reflections in the same
way using srcds TCP ports... do you rate-limit those properly?)

On 11/01/2013 11.36, gamead...@127001.org wrote:
> Just because they're well known doesn't make them immune to configuration 
> cockups... one solution might be to get your host to firewall all incoming 
> from port 53 except for stuff coming from your hosts' DNS servers (or 
> google's, or whoever) - that won't help if the bandwidth is going to 
> overwhelm your host's core router, but it WILL help in cases where it's 
> flooding out your uplink
>
> @Sachin Sud:
>
> Perhaps you could actually be constructive? Despite saying you didn't want to 
> spam the list, your two contributions have been "lol" and a post that 
> essentially says "I think your approach is wrong but I'm not going to give 
> any details whatsoever"
>
>> -----Original Message-----
>> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
>> boun...@list.valvesoftware.com] On Behalf Of Marco Padovan
>> Sent: 11 January 2013 10:32
>> To: hlds_linux@list.valvesoftware.com
>> Subject: Re: [hlds_linux] Servers get attacked via DDoS
>>
>> yes, the attack is exactly that...
>>
>> but those are not just "broken DNS", I even saw some *well known* IT
>> names among the "attackers".
>>
>> On 11/01/2013 11.16, Arnim Eijkhoudt wrote:
>>> Haha,
>>>
>>> I hope you're joking. Almost none of your questions are remotely
>>> relevant to this type of attack. DNS reflection attacks can only be
>>> effectively mitigated upstream. The structural solution,
>>> unfortunately, is educating/informing the admins of the broken DNS
>>> servers (short of just bluntly increasing the bandwidth capacity of
>>> the affected server(s) and 'sitting it out').
>>>
>>> See also: http://blog.cloudflare.com/65gbps-ddos-no-problem
>>>
>>> €0,02
>>>
>>> On 11-1-2013 10:52, Sachin Sud wrote:
>>>> My intentions are not to spam this mail list.
>>>> But if you guys are comfortable, you need to answer a few questions by which
>>>> I can help you better to get saved from DDoS attacks.
>>>>
>>>> Which country are you from?
>>>> How many game servers do you host?
>>>> How often does the attack happen?
>>>> Is it specific to any particular game?
>>>> Which OS do you have on the server?
>>>> What kind of firewall do you use, if you use any?
>>>> And last question: how much money do you spend monthly on servers? (Based on
>>>> your location, I can recommend some DDoS protection if required.)
>>>>
>>>> Thanks,
>>>> Sachin
>>> _______________________________________________
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux

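The port-53 filtering suggested in the quoted reply above, sketched as an added example (not code from any poster in this thread): a shell function that prints iptables rules accepting UDP source-port-53 traffic only from the listed resolvers and dropping the rest. The chain name and the 192.0.2.53 resolver address are assumptions; as that reply notes, this does not help once the flood saturates the link upstream of the host.

```shell
#!/bin/sh
# Added example: generate (not apply) iptables rules that allow DNS replies
# only from trusted resolvers. Review the printed rules before running them.

dns_reply_filter_rules() {
    chain="DNS-REPLY-FILTER"    # hypothetical chain name

    # Dedicated chain so the allow-list can be rebuilt without touching INPUT.
    echo "iptables -N $chain"

    for resolver in "$@"; do
        # Basic character check only (digits, dots, optional /prefix);
        # this is not full IPv4 validation.
        case "$resolver" in
            ""|*[!0-9./]*)
                echo "skipping invalid resolver: $resolver" >&2
                continue
                ;;
        esac
        echo "iptables -A $chain -s $resolver -j ACCEPT"
    done

    # Anything else claiming to be a DNS reply is reflected or unsolicited.
    echo "iptables -A $chain -j DROP"

    # Send only UDP packets with source port 53 through the chain.
    echo "iptables -I INPUT -p udp --sport 53 -j $chain"
}

# Constructed sample input: the host's own resolver (documentation address,
# replace with the real one) and Google Public DNS.
dns_reply_filter_rules 192.0.2.53 8.8.8.8
```

Every resolver listed in the server's `/etc/resolv.conf` has to be on the allow-list, or the server's own lookups will fail.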