On 8/3/2014 3:16 PM, Ruud Baart wrote:
> Thank you for your response. The URL you gave is helpful. When I've some
> time I will take a closer look at it. When I saw the line
>
> 0>>22&0x3C@8&0x0100=0x0100 && 0>>22&0x3C@12>>16=1
>
> it crossed my mind that this was the line your grandfather
Thank you for your response. The URL you gave is helpful. When I've some
time I will take a closer look at it. When I saw the line
0>>22&0x3C@8&0x0100=0x0100 && 0>>22&0x3C@12>>16=1
it crossed my mind that this was the line your grandfather was thinking
about if when he died peacefully.
T
On 8/3/2014 9:28 AM, Tom Eastep wrote:
> On 8/3/2014 7:36 AM, Ruud Baart wrote:
>> Tom,
>>
>> It is now nearly two months later and I can safely conclude that blocking
>> the DNS cache queries works for our servers. It takes a lot of load from
>> our DNS servers.
>>
>> Because the shorewall rule to b
On 8/3/2014 7:36 AM, Ruud Baart wrote:
> Tom,
>
> It is now nearly two months later and I can safely conclude that blocking
> the DNS cache queries works for our servers. It takes a lot of load from
> our DNS servers.
>
> Because the shorewall rule to block this attack is so effective and
> because
Tom,
It is now nearly two months later and I can safely conclude that blocking
the DNS cache queries works for our servers. It takes a lot of load from
our DNS servers.
Because the shorewall rule to block this attack is so effective and
because I think we are not the only ones that are severel
I think it works.
In /etc/shorewall/params I defined all trusted networks. In
/etc/shorewall/rules
?SECTION NEW
IPTABLES(DROP) wan1:!$TRUSTEDHOSTS $FW udp 53 ; -m string --algo bm --hex-string "|0101|"
dropNotSyn wan1 $FW
Perhaps, I have used your DNS DDOS rule which is documented on the
shorewall website
DNS_DDoS wan1 $FW udp domain
Tom Eastep wrote on 8-7-2014 23:33:
> On 7/8/2014 2:19 PM, Ruud Baart wrote:
>> I think I found part of the solution.
>>
>> In /etc/shorewall/rul
On 7/8/2014 2:19 PM, Ruud Baart wrote:
> I think I found part of the solution.
>
> In /etc/shorewall/rules:
> IPTABLES(DROP) wan1 $FW udp 53 ; -m string --algo bm --hex-string "|0101|"
> does not work. But
> iptables -I INPUT 1 -p udp --dport 53 -m string --algo bm
> --hex-string
I think I found part of the solution.
In /etc/shorewall/rules:
IPTABLES(DROP) wan1 $FW udp 53 ; -m string --algo bm --hex-string "|0101|"
does not work. But
iptables -I INPUT 1 -p udp --dport 53 -m string --algo bm --hex-string "|0101|" -j DROP
works.
I assume the place of the
On 7/8/2014 9:45 AM, Ruud Baart wrote:
> I have seen it and I already tried it based on your previous mail. I
> updated shorewall to the latest version and added the rule:
>
> IPTABLES(DROP) wan1 $FW udp 53 ; -m string --hex-string "|FF0001|" --algo bm
>
> It doesn't work the way I ho
I have seen it and I already tried it based on your previous mail. I
updated shorewall to the latest version and added the rule:
IPTABLES(DROP) wan1 $FW udp 53 ; -m string --hex-string "|FF0001|" --algo bm
It doesn't work the way I hoped: iptables -nvL shows 0 packets. After
your a
On 7/8/2014 8:53 AM, Ruud Baart wrote:
>
> Tom Eastep wrote on 8-7-2014 17:35:
>> On 7/8/2014 8:10 AM, Ruud Baart wrote:
>>
>>> Tom Eastep wrote on 8-7-2014 16:55:
On 7/8/2014 5:30 AM, Ruud Baart wrote:
> Good day,
>
> I have a problem in protecting one of our DNS servers (Debi
The queries contain all different domain names, no pattern. As far as I
can see the only common ground is the recursion desired flag in the UDP
DNS query request (in Wireshark: ...1 = Recursion desired: Do
query recursively). As far as I know normal clients don't set the
recursion flag
On 7/8/2014 8:10 AM, Ruud Baart wrote:
> Tom Eastep wrote on 8-7-2014 16:55:
>> On 7/8/2014 5:30 AM, Ruud Baart wrote:
>>> Good day,
>>>
>>> I have a problem in protecting one of our DNS servers (Debian, bind9).
>>> One of our DNS servers is attacked with cache queries. Our servers are
>>> prot
4.5.5.3
But an upgrade is no problem
Tom Eastep wrote on 8-7-2014 16:55:
On 7/8/2014 5:30 AM, Ruud Baart wrote:
Good day,
I have a problem in protecting one of our DNS servers (Debian, bind9).
One of our DNS servers is attacked with cache queries. Our servers are
protected the best way I can
On 7/8/2014 5:30 AM, Ruud Baart wrote:
> Good day,
>
> I have a problem in protecting one of our DNS servers (Debian, bind9).
> One of our DNS servers is attacked with cache queries. Our servers are
> protected the best way I can but this type of requests are coming from
> everywhere and I can n