I know...
That is why I have been posting the IP address. I now block 3980 IP addresses from our NS servers. Most of them attempt to ssh to our www server and fail; when they do that, I block the IP. Some of the same IPs must have been running the DoS, since they are no longer able to do so on NS1. I have replicated the block list to NS2 to see, I should know by tomorrow, if NS2 stops getting them as well.

On a related topic: Is there any way to test for poisoning? How can you tell if you are or are not poisoned?

> Date: Fri, 19 Aug 2011 09:33:29 +0800
> Subject: Re: client ... query (cache) './NS/IN' denied:
> From: short...@gmail.com
> To: shashan...@hotmail.com
> CC: bind-users@lists.isc.org
>
> On Fri, Aug 19, 2011 at 3:24 AM, Shawn Bakhtiar <shashan...@hotmail.com> wrote:
> >
> > Hi all,
> >
> > For the first time my primary name server is not reporting any more
> >
> > client XXX.XXX.XXX.XXX query (cache) './NS/IN' denied: 1 Time(s)
> >
>
> This is a DNS attack.
> Many DNS servers are meeting this kind of attack each day here.
> The traffic is huge; once I noticed the traffic to one of my NS hosts is 1.6G.
> It's a DDoS that will make your DNS unable to serve at all.
>
> Regards.