Re: [gentoo-user] How to prevent a dns amplification attack

Am 31.03.2013 04:08, schrieb Paul Hartman: > On Thu, Mar 28, 2013 at 3:51 AM, Norman Rieß wrote: >> Hello, >> >> i am using pdns recursor to provide a dns server which should be usable >> for everybody.The problem is, that the server seems to be used in dns >> amplification attacks. >> I googled a

Re: [gentoo-user] How to prevent a dns amplification attack

On 31-Mar-13 4:08, Paul Hartman wrote: Coincidentally, yesterday US-CERT published a small article about DNS amplification attacks and mitigation strategies: http://www.us-cert.gov/ncas/alerts/TA13-088A Thanks for interesting link. I did not know bind has support for response rate-limiting...

Re: [gentoo-user] How to prevent a dns amplification attack

On Thu, Mar 28, 2013 at 3:51 AM, Norman Rieß wrote: > Hello, > > i am using pdns recursor to provide a dns server which should be usable > for everybody.The problem is, that the server seems to be used in dns > amplification attacks. > I googled around on how to prevent this but did not really fin

Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack

Am 30.03.2013 16:11, schrieb Kevin Chadwick: > On Sat, 30 Mar 2013 13:06:16 +0100 > Norman Rieß wrote: > >> As we all know everything works better and cheaper when things are >> privatized > > Actually No it's not so simple at all. > > You get incompetence in private and public and you may be

Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack

On 2013-03-30 11:15 AM, Kevin Chadwick wrote: On Sat, 30 Mar 2013 15:53:29 +0100 Rene Rasmussen wrote: There is also the possibility to use opendns.com I've been using them for years, and have not had any trouble. I started using them when my ISP decided to block some sites. And their standar

Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack

On Sat, 30 Mar 2013 15:53:29 +0100 Rene Rasmussen wrote: > There is also the possibility to use opendns.com > I've been using them for years, and have not had any trouble. I > started using them when my ISP decided to block some sites. And their > standard service is free :) They also support dn

Re: [Bulk] Re: [gentoo-user] How to prevent a dns amplification attack

On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß wrote: > As we all know everything works better and cheaper when things are > privatized Actually No it's not so simple at all. You get incompetence in private and public and you may be more likely to get away with it for longer in a public servic

Re: [gentoo-user] How to prevent a dns amplification attack

On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß wrote: > > Am 29.03.2013 um 23:34 schrieb Paul Hartman > : > > > On Thu, Mar 28, 2013 at 7:49 PM, Peter Humphrey > > wrote: > >> On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: > >> > >>> In my case, my ISP's DNS servers are slow (several

Re: [gentoo-user] How to prevent a dns amplification attack

Am 29.03.2013 um 23:34 schrieb Paul Hartman : > On Thu, Mar 28, 2013 at 7:49 PM, Peter Humphrey > wrote: >> On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: >> >>> In my case, my ISP's DNS servers are slow (several seconds to reply), >>> fail randomly when they should resolve, return an I

Re: [gentoo-user] How to prevent a dns amplification attack

On Fri, Mar 29, 2013 at 05:34:41PM -0500, Paul Hartman wrote > > Pretty much every major ISP in the US does DNS-hijacking and other > shenanigans, so there's no avoiding the evilness. The obvious questions is... do they hijack all port-53 queries? Depending on the answer, there are 2 different

Re: [gentoo-user] How to prevent a dns amplification attack

On 03/29/2013 07:01 PM, William Kenworthy wrote: > On 30/03/13 06:34, Paul Hartman wrote: >> On Thu, Mar 28, 2013 at 7:49 PM, Peter Humphrey >> wrote: >>> On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: >>> In my case, my ISP's DNS servers are slow (several seconds to reply), fail

Re: [gentoo-user] How to prevent a dns amplification attack

On 30/03/13 06:34, Paul Hartman wrote: > On Thu, Mar 28, 2013 at 7:49 PM, Peter Humphrey > wrote: >> On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: >> >>> In my case, my ISP's DNS servers are slow (several seconds to reply), >>> fail randomly when they should resolve, return an IP (which g

Re: [gentoo-user] How to prevent a dns amplification attack

On Thu, Mar 28, 2013 at 7:49 PM, Peter Humphrey wrote: > On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: > >> In my case, my ISP's DNS servers are slow (several seconds to reply), >> fail randomly when they should resolve, return an IP (which goes to >> their ad-laden "helper" website if yo

Re: [gentoo-user] How to prevent a dns amplification attack

On 03/29/2013 09:27 AM, Alan McKinnon wrote: > On 29/03/2013 10:53, Norman Rieß wrote: >>> That is just evil. Have you no alternative to this ISP? -- Peter >> Like free and open DNS servers? ;-) Like the one i am talking about and >> was told it was

Re: [gentoo-user] How to prevent a dns amplification attack

On 29/03/2013 10:53, Norman Rieß wrote: >> That is just evil. Have you no alternative to this ISP? >> > >> > >> > >> > -- >> > >> > Peter >> > >> > >> > > Like free and open DNS servers? ;-) Like the one i am talking about and > was told it was unnessesary crap? When you describe the se

Re: [gentoo-user] How to prevent a dns amplification attack

On 28/03/2013 22:53, Paul Hartman wrote: > On Thu, Mar 28, 2013 at 3:02 PM, Alan McKinnon > wrote: Or just use the ISP's DNS caches. In the vast majority of cases, the ISP knows how to do it right and the user does not. >>> >>> Generally true, though I've known people to choose not to u

Re: [gentoo-user] How to prevent a dns amplification attack

Am 29.03.2013 01:49, schrieb Peter Humphrey: > On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: > > > >> In my case, my ISP's DNS servers are slow (several seconds to reply), > >> fail randomly when they should resolve, return an IP (which goes to > >> their ad-laden "helper" website if

Re: [gentoo-user] How to prevent a dns amplification attack

On Thursday 28 March 2013 20:53:49 Paul Hartman wrote: > In my case, my ISP's DNS servers are slow (several seconds to reply), > fail randomly when they should resolve, return an IP (which goes to > their ad-laden "helper" website if you are using a web browser) when > they should instead return n

Re: [gentoo-user] How to prevent a dns amplification attack

On Thu, 28 Mar 2013 17:04:25 -0400 Michael Mol wrote: > > > >> listened to the dangers and even now simply redesigned DNSSEC. > > > > Or they could fudge it by making every request requiring padding > > larger than the response. Bandwidth would increase astronomically > > but amp attacks wo

Re: [gentoo-user] How to prevent a dns amplification attack

Am 28.03.2013 10:07, schrieb Adam Carter: > Why are you making your server available to everyone? > For the lulz mostly.

Re: [gentoo-user] How to prevent a dns amplification attack

On 03/28/2013 04:57 PM, Kevin Chadwick wrote: > >> listened to the dangers and even now simply redesigned DNSSEC. > > Or they could fudge it by making every request requiring padding larger > than the response. Bandwidth would increase astronomically but amp > attacks would have to find other ave

Re: [gentoo-user] How to prevent a dns amplification attack

On 03/28/2013 04:53 PM, Paul Hartman wrote: > On Thu, Mar 28, 2013 at 3:02 PM, Alan McKinnon > wrote: Or just use the ISP's DNS caches. In the vast majority of cases, the ISP knows how to do it right and the user does not. >>> >>> Generally true, though I've known people to choose not t

Re: [gentoo-user] How to prevent a dns amplification attack

> listened to the dangers and even now simply redesigned DNSSEC. Or they could fudge it by making every request requiring padding larger than the response. Bandwidth would increase astronomically but amp attacks would have to find other avenues.

Re: [gentoo-user] How to prevent a dns amplification attack

On Thu, Mar 28, 2013 at 3:02 PM, Alan McKinnon wrote: >>> Or just use the ISP's DNS caches. In the vast majority of cases, the ISP >>> knows how to do it right and the user does not. >> >> Generally true, though I've known people to choose not to use ISP caches >> owing to the ISP's implementation

Re: [gentoo-user] How to prevent a dns amplification attack

On Thu, 28 Mar 2013 16:12:04 +0100 Volker Armin Hemmann wrote: > > Hello, > > > > i am using pdns recursor to provide a dns server which should be > > usable for everybody.The problem is, that the server seems to be > > used in dns amplification attacks. > > I googled around on how to prevent thi

Re: [gentoo-user] How to prevent a dns amplification attack

On 28/03/2013 21:38, Michael Mol wrote: > On 03/28/2013 03:16 PM, Alan McKinnon wrote: >> On 28/03/2013 17:38, Michael Mol wrote: >>> On 03/28/2013 04:51 AM, Norman Rieß wrote: Hello, i am using pdns recursor to provide a dns server which should be usable for everybody.The probl

Re: [gentoo-user] How to prevent a dns amplification attack

Le 28/03/2013 17:53, Jarry a écrit : On 28-Mar-13 9:51, Norman Rieß wrote: Hello, i am using pdns recursor to provide a dns server which should be usable for everybody.The problem is, that the server seems to be used in dns amplification attacks. I googled around on how to prevent this but did

Re: [gentoo-user] How to prevent a dns amplification attack

On 03/28/2013 03:16 PM, Alan McKinnon wrote: > On 28/03/2013 17:38, Michael Mol wrote: >> On 03/28/2013 04:51 AM, Norman Rieß wrote: >>> Hello, >>> >>> i am using pdns recursor to provide a dns server which should be usable >>> for everybody.The problem is, that the server seems to be used in dns >

Re: [gentoo-user] How to prevent a dns amplification attack

On 28/03/2013 17:38, Michael Mol wrote: > On 03/28/2013 04:51 AM, Norman Rieß wrote: >> Hello, >> >> i am using pdns recursor to provide a dns server which should be usable >> for everybody.The problem is, that the server seems to be used in dns >> amplification attacks. >> I googled around on how

Re: [gentoo-user] How to prevent a dns amplification attack

Am 28.03.2013 16:38, schrieb Michael Mol: > On 03/28/2013 04:51 AM, Norman Rieß wrote: >> Hello, >> >> i am using pdns recursor to provide a dns server which should be usable >> for everybody.The problem is, that the server seems to be used in dns >> amplification attacks. >> I googled around on ho

Re: [gentoo-user] How to prevent a dns amplification attack

On 28-Mar-13 9:51, Norman Rieß wrote: Hello, i am using pdns recursor to provide a dns server which should be usable for everybody.The problem is, that the server seems to be used in dns amplification attacks. I googled around on how to prevent this but did not really find something usefull. Do

Re: [gentoo-user] How to prevent a dns amplification attack

On 03/28/2013 12:06 PM, Pandu Poluan wrote: > > On Mar 28, 2013 10:38 PM, "Michael Mol" > wrote: >> >> On 03/28/2013 04:51 AM, Norman Rieß wrote: >> > Hello, >> > >> > i am using pdns recursor to provide a dns server which should be usable >> > for everybody.The problem

Re: [gentoo-user] How to prevent a dns amplification attack

On Mar 28, 2013 10:38 PM, "Michael Mol" wrote: > > On 03/28/2013 04:51 AM, Norman Rieß wrote: > > Hello, > > > > i am using pdns recursor to provide a dns server which should be usable > > for everybody.The problem is, that the server seems to be used in dns > > amplification attacks. > > I google

Re: [gentoo-user] How to prevent a dns amplification attack

On 03/28/2013 04:51 AM, Norman Rieß wrote: > Hello, > > i am using pdns recursor to provide a dns server which should be usable > for everybody.The problem is, that the server seems to be used in dns > amplification attacks. > I googled around on how to prevent this but did not really find > somet

Re: [gentoo-user] How to prevent a dns amplification attack

Turn off this unnecessary crap? Am 28.03.2013 09:52 schrieb "Norman Rieß" : > Hello, > > i am using pdns recursor to provide a dns server which should be usable > for everybody.The problem is, that the server seems to be used in dns > amplification attacks. > I googled around on how to prevent thi

Re: [gentoo-user] How to prevent a dns amplification attack

Typically you would just allow recursion from networks you trust. Why are you making your server available to everyone? Read this one? https://developers.google.com/speed/public-dns/docs/security

[gentoo-user] How to prevent a dns amplification attack

Hello, i am using pdns recursor to provide a dns server which should be usable for everybody.The problem is, that the server seems to be used in dns amplification attacks. I googled around on how to prevent this but did not really find something usefull. Does anyone got an idea about this? Regar