Hi All: my 9.6.0 server is getting hammered by cache requests from a
specific IP (62.109.4.89) which traces back to what looks like a DSL
netblock in Russia:

05-Mar-2009 12:18:01.883 queries: info: client 62.109.4.89#53157: query: . IN NS +
05-Mar-2009 12:18:01.883 security: info: client 62.109.4.89#53157: query (cache) './NS/IN' denied

I assume that this is some unpatched server (because currently I only see
this single IP trying to connect), but is there any way to tell the
difference between that and a deliberate DDOS attack?
My subnet is on a Verizon 3Mbps static "business" DSL connection with a
router/firewall NAT'ing the incoming traffic.
My question is, will blocking this from the firewall in front of the box
help in any way to mitigate its effect on the server? Or do I need to get
my upstream provider to block this IP for it to have any impact? The server
isn't "choking" on the volume of requests (yet), and I'm wondering if
blocking the requests at the border of the network would do anything
meaningful?
Of course, it's prolly not realistic to expect Verizon to do anything above
my router.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users