Ejaz

As per the trace file, QPS is around 1,158. Not sure what the specs of your server are, but it is very low compared to other ISPs.


You need to rate-limit the following IPs to around 20 QPS. All of these IPs are sending ANY queries for cpsc.gov. This is an amplification attack.

212.118.122.99/100/101


How you want to apply the rate limit is up to you. You can ask your security to do it or you can do it using iptables on the server.

I feel almost all Red Hat servers will have iptables installed by default.


Regards

Abdul Khader





On 7/27/2016 6:15 PM, Ejaz wrote:
Denying the request isn't going to solve anything in this case, they are still 
going to repeatedly ask for it and the traffic has already hit your system 
before ANY queries would be denied.
Agreed, but at least it minimizes the problem, as if the request is 50 bytes
then the response is also 50 bytes, not more than that??


Ejaz

-----Original Message-----
From: S Carr [mailto:sjc...@gmail.com]
Sent: Wednesday, July 27, 2016 4:58 PM
To: Ejaz <me...@cyberia.net.sa>
Cc: bind-users <bind-users@lists.isc.org>
Subject: Re: outgoing-traffic

On 27 July 2016 at 14:44, Ejaz <me...@cyberia.net.sa> wrote:
Such as, if someone is sending an ANY request, by default it should be denied
when users request it.
Denying the request isn't going to solve anything in this case, they are still 
going to repeatedly ask for it and the traffic has already hit your system 
before ANY queries would be denied.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
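
One way to apply the 20 QPS per-source limit with iptables, as an added example that is not part of the original thread: the script only prints the rules so they can be reviewed before anyone runs them as root. The INPUT chain, UDP port 53, the hashlimit table name `dns_rl` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules capping DNS queries per source.
# Assumptions: BIND answers on UDP port 53, filtering happens in the INPUT chain,
# one query per UDP packet, iptables built with the hashlimit match.

RATE=20   # queries per second per source, the figure suggested in the thread

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# Rejecting anything else keeps shell metacharacters out of the emitted rules.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ratelimit_rules ADDR...: emit one rule per valid source that drops packets
# above RATE/sec; returns 1 if any argument was rejected.
ratelimit_rules() {
    rc=0
    for src in "$@"; do
        if is_ipv4 "$src"; then
            printf 'iptables -A INPUT -p udp --dport 53 -s %s -m hashlimit %s -j DROP\n' \
                "$src" "--hashlimit-name dns_rl --hashlimit-mode srcip --hashlimit-above $RATE/sec --hashlimit-burst $RATE"
        else
            printf 'skipping invalid address: %s\n' "$src" >&2
            rc=1
        fi
    done
    return "$rc"
}

# The three sources named in the message (212.118.122.99/100/101 written out).
ratelimit_rules 212.118.122.99 212.118.122.100 212.118.122.101
```

The rules are appended with `-A`, so they only take effect if no earlier INPUT rule already accepts port 53 traffic from these sources.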

