Re: [CentOS] BIND server getting DDOS
On 2022-08-03 23:20, Gordon Messmer wrote: On 8/3/22 11:08, Mark Milhollan wrote: Usually that's someone hoping to use you in a reflection attack Doesn't a reflection attack require the reflecting server to answer queries? I'd think that the server logging that the query was denied would indicate that it is not vulnerable to that type of abuse. While this is true, denial of those queries doesn't prevent that server from potentially being flooded with those queries. -- Mike Burger http://www.bubbanfriends.org "It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] BIND server getting DDOS
On Wed, 3 Aug 2022, Gordon Messmer wrote: On 8/3/22 11:08, Mark Milhollan wrote: Usually that's someone hoping to use you in a reflection attack Doesn't a reflection attack require the reflecting server to answer queries? I'd think that the server logging that the query was denied would indicate that it is not vulnerable to that type of abuse. The server did send a DNS response packet to the apparent sources, just not as large as an attacker usually hopes for -- a referral is 800+ bytes vs REFUSED which is about 30. So a successful reflection but not quite the level of attack desired. The source addresses might be correct but in that case the systems are misconfigured since they want to resolve the root to an IP address, perhaps due to a recent update. /mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
