*** Reindl Harald wrote:
> Am 01.08.2014 um 11:15 schrieb Michael Meyer:
> > *** Reindl Harald wrote:
> >>
> >> Name: DNS Amplification Attacks
> >> Konfiguration:
> >> Familie: Denial of Service
> >> OID: 1.3.6.1.4.1.25623.1.0.103718
> >> Version: $Revision: 11 $
> >>
> >> i doubt
> >>
> >> named.conf:
> >> rate-limit
> >> {
> >> responses-per-second 10;
> >> window 5;
> >> };
> >
> > How many bytes have the request and how many bytes the response? The
> > NVT will tell you that. The NVT should only report if the response len
> > is > "request_len*2"
>
> looking at the override and see TCP makes me believe that
> is the problem, interesting that it is only reported on
> one out of 4 dns-servers
> Port: 53/tcp
Thats a bug in the NVT. It reports for tcp but means in fact udp.
Fixed in r596.
Again: How many bytes have the request and how many bytes the
response?
Micha
--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
