On 01.08.2014 at 11:15, Michael Meyer wrote:
> *** Reindl Harald wrote:
>>
>> Name: DNS Amplification Attacks
>> Configuration:
>> Family: Denial of Service
>> OID: 1.3.6.1.4.1.25623.1.0.103718
>> Version: $Revision: 11 $
>>
>> i doubt
>>
>> named.conf:
>> rate-limit
>> {
>> responses-per-second 10;
>> window 5;
>> };
>
> How many bytes have the request and how many bytes the response? The
> NVT will tell you that. The NVT should only report if the response len
> is > "request_len*2"

Looking at the override and seeing TCP makes me believe that is the problem. Interesting that it is only reported on one out of 4 DNS servers:

Port: 53/tcp

given that the machine has the following settings (response size is limited):

edns-udp-size 512;
minimal-responses yes;

Maybe it's a false positive at all, since the server allows recursion from the scanner IP, but "minimal-responses" reduces even ANY requests dramatically.
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
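The size comparison Michael describes above (report only when the response is longer than twice the request), as an added example that is not part of this thread and is not the NVT's own code: it builds a constructed ANY query with an EDNS0 OPT record, two constructed replies (a minimal-responses style one and an oversized, truncated one), and reads back the amplification factor, the TC bit and the buffer size the responder advertises. All packet contents and the 2x threshold are assumptions taken from the thread, not captured traffic.

```python
import struct

def encode_name(name):
    """DNS wire-format name: length-prefixed labels, root terminator."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(name, qtype=255, edns_bufsize=4096, txid=0x1234):
    """Constructed query: header (RD set), one question (ANY by default), one OPT pseudo-RR (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)          # class IN
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)         # root name, TYPE 41, CLASS = UDP size
    return header + question + opt

def skip_name(buf, off):
    """Offset just past a possibly compressed name (RFC 1035 section 4.1.4)."""
    while True:
        l = buf[off]
        if l & 0xC0 == 0xC0:                 # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if l == 0:
            return off
        off += l

def build_response(query, records, edns_bufsize=512, tc=False):
    """Constructed reply: echoes the question, appends `records` as answers, OPT with the server's UDP size."""
    flags = 0x8180 | (0x0200 if tc else 0)   # QR, RD, RA and optionally TC
    header = query[:2] + struct.pack("!HHHHH", flags, 1, len(records), 0, 1)
    question = query[12:skip_name(query, 12) + 4]
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
                       for rtype, rdata in records)   # name is a pointer to the question at offset 12
    return header + question + answers + b"\x00" + struct.pack("!HHIH", 41, edns_bufsize, 0, 0)

def amplification_report(request, response):
    """Flag when response_len > 2 * request_len; also report TC bit and the advertised EDNS UDP size."""
    flags, qd, an, ns, ar = struct.unpack("!HHHHH", response[2:12])
    off, edns_size = 12, None
    for _ in range(qd):
        off = skip_name(response, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:                      # OPT: the CLASS field carries the responder's UDP payload size
            edns_size = rclass
    return {"request_len": len(request), "response_len": len(response),
            "factor": round(len(response) / len(request), 2), "truncated": bool(flags & 0x0200),
            "edns_udp_size": edns_size, "flagged": len(response) > 2 * len(request)}

QUERY = build_query("example.com")                                    # constructed, 40 bytes
SMALL = build_response(QUERY, [(1, bytes([192, 0, 2, 1]))])           # one A record, as minimal-responses would give
LARGE = build_response(QUERY, [(16, bytes([59]) + b"x" * 59)] * 8, tc=True)   # eight 60-byte TXT rdatas, truncated
```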
