Re: lot of 'ripe.net IN ANY +ED' queries

Marek Salwerowicz Mon, 23 Jul 2012 06:10:57 -0700

W dniu 2012-07-23 14:33, Stephane Bortzmeyer pisze:

But is there any other solutions for that permanent attacks?

The operators of F-root use this on their FreeBSD machines to
rate-limit per source IP:

add     pipe 1          udp     from any to any 53 in
pipe 1  config  mask src-ip 0xffffffff buckets 1024 bw 400Kbit/s queue 3
add     pipe 2          tcp     from any to any 53 in
pipe 2  config  mask src-ip 0xffffffff buckets 1024 bw 100Kbit/s queue 3

It looks nice, as I can now block the traffic on my firewall, instead ofDNS server.

Thanks.

BTW - is this attack any new kind of virus/spyware or sth ?

--
Marek Salwerowicz
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: lot of 'ripe.net IN ANY +ED' queries

Reply via email to