Network Security: Detailed info on Re: DNS query spam

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: DNS query spam

from [Alexander Lourier] Network Security

[Permanent Link]

Subject:	Re: DNS query spam
Date:	Tue, 29 Nov 2005 09:52:17 +0300

On Monday 28 November 2005 01:30, Piotr Kamisiski wrote:

Recently my DNS servers get jammed with bogus queries. The attacks come in
series, taking a few minutes each, sometimes from different IPs at the
same time, at least twice a day.


My DNS servers were attacked the similar way in the beginning of this year. 
All queries were originated from a lot of sources. Senders of these packets 
were not bogus obviously, because after firewalling incoming requests from 
any of them, the rate of flooding became lower. All requests were made to one 
of my domains.

Daily DNS traffic was about 400-500 Mb.

To automate the firewalling process I wrote a program, that sniffed DNS 
traffic and automatically added to firewall DROP rules.

-- 
Best regards. Alexander Lourier. http://aml.rulezz.ru

pgpspnmzn0AqS.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
DNS query spam, Piotr Kamisiski Re: DNS query spam, Alexander Lourier <= Re: DNS query spam, Josep Ma Castells Re: DNS query spam, Florian Weimer Re: DNS query spam, Joe Re: DNS query spam, Antone Roundy Re: DNS query spam, Stephen Stuart Re: DNS query spam, Florian Weimer Re: DNS query spam, Piotr Kamisiski Re: DNS query spam, Jim Pingle

Previous by Date:	APPLE-SA-2005-11-29 Security Update 2005-009, noreply
Next by Date:	Re: DNS query spam, Josep Ma Castells
Previous by Thread:	DNS query spam, Piotr Kamisiski
Next by Thread:	Re: DNS query spam, Josep Ma Castells
Indexes:	[Date] [Thread] [Top] [All Lists]