Maybe a stupid question, but why do you need DNS on that server at all?
Why not offload it to your registrar or your provider?
Beyond that, you don't really provide adequate tech details here to fully
understand what your situation is. What's the server doing? What ports
are open and why? Etc.
DoS mitigation has traditionally focused on blackholing as far upstream as
possible. In this case, if it's a true DDoS with minimal commonality in
the addresses, then you'll need to either find a way to rate-limit
upstream or ride it out. Or, change your IP and hope it's not a
name-based DDoS.
Make sure you're not doing this to yourself with some sort of
misconfiguration. Doesn't sound like it, but one can never be too sure.
;)
Hi Guys,
Here is the situation...
I have a dedicated server at ISP X, about 1 week after I signed up for
the service I received a DoS attack against my DNS service... the attack
came from over 10,000 IP addresses and tried to resolve the following
domain names...
leet.nexhost.org
ns1.nexhost.org
ns2.nexhost.org
floop.m33pm33p.info
irc.k1hosting.net
b0tn3t.elite-coders.org
I thought i would be clever and changed root.cache on my named service
to resolve all dns queries to 127.0.0.1, this seems to of worked for
about 1hr. Next I get even more attacks on port 5556 which I don't even
use and basically by default drop everything to that port.
I have sent off abuse reports for over 10,000 IP's, grouping them by ISP
and sending 1 email per ISP.....
What to do? I've got a constant 200Kbps of traffic, and its kinda
bugging me...
Any help would greatly be appreciated. (btw, netsky.V uses port 5556)
Regards
Nigel Kukard
