[ale] Fwd: Under Attack, my dns servers

Chuck Payne terrorpup at gmail.com
Mon Oct 6 15:41:02 EDT 2014


I will. I need to remove IPs.

On Mon, Oct 6, 2014 at 3:36 PM, Lightner, Jeff <JLightner at dsservices.com>
wrote:

> Just posted named.conf entry examples in response to an earlier post.
>
> What you have looks ok to me but I don't use "-" in my acl names. Since
> "-" is valid for zone file names in named.conf it probably is OK for acl
> names and I mention it as the only noticeable difference that stood out to
> me in what you wrote.
>
>
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Horkan Smith
> Sent: Monday, October 06, 2014 3:16 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] Fwd: Under Attack, my dns servers
>
> Can you share the lines where you control access (including recursion)?
> In my case, they look like:
>
> named.conf.options:
>         allow-transfer { home-nets; domain-backups; };
>         allow-recursion { home-nets; domain-backups; };
>         allow-query { home-nets; domain-backups; };
>
> Where home-nets and domain-backups are defined as acls.
>
> later!
>    horkan
>
>
> On Mon, Oct 06, 2014 at 12:03:39PM -0400, Chuck Payne wrote:
> > Guys,
> >
> > I am under attack where my DNS server is being used to do a DDoS
> > attack. I believe it's a botnet, because the IPs are too random. I
> > don't think the domain I am seeing in my bind log is real:
> >
> > fkfkfkfz.guru
> >
> > 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: query:
> > fkfkfkfz.guru IN ANY +E (50.192.59.225)
> > 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: query (cache)
> > 'fkfkfkfz.guru/ANY/IN' denied
> > 06-Oct-2014 11:23:28.146 client 92.222.9.179#49643: drop REFUSED
> > response to 92.222.9.0/24
> >
> > I have turned on recursion, but now people can't find my domains any more.
> > I have also tried to limit the rate as well:
> >
> >         rate-limit {
> >                 responses-per-second 25;
> >                 window 5;
> >         };
> >
> >
> > I am running Debian and openSUSE.
> >
> > Anything I can do to stop them and make it where people can find my
> > domains? I don't want to have to pay for something I can do and have
> > control over.
> >
> > --
> > Terror PUP a.k.a
> > Chuck "PUP" Payne
> >
> > 678 636 9678
> > -----------------------------------------
> > Discover it! Enjoy it! Share it! openSUSE Linux.
> > -----------------------------------------
> > openSUSE -- Terrorpup
> > openSUSE Ambassador/openSUSE Member
> > skype,twitter,identica,friendfeed -- terrorpup
> > freenode(irc) --terrorpup/lupinstein
> > Register Linux Userid: 155363
> >
> > Have you tried SUSE Studio? Need to create a Live CD,  an app you want
> > to package and distribute , or create your own linux distro. Give SUSE
> > Studio a try.
> >
>
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
>
>
> --
> Horkan Smith
> 678-777-3263 cell, ale at horkan.net
>



-- 
Terror PUP a.k.a
Chuck "PUP" Payne

678 636 9678
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twitter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363

Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
package and distribute , or create your own linux distro. Give SUSE Studio
a try.
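
A triage sketch for the kind of query log quoted in this thread, added here as an example and not part of the original messages: it groups logged queries by name and type and reports ANY queries for names outside the zones the server hosts that arrive from several distinct source networks. The log lines, addresses (documentation ranges), the zone name `served.example` and the `min_nets` threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Query-log layout as quoted in the thread; optional groups tolerate newer BIND fields.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) \S+ (?P<qtype>\S+)")

# Constructed sample: documentation address ranges and made-up names.
SAMPLE_LOG = """\
06-Oct-2014 11:23:28.146 client 192.0.2.17#49643: query: junk-name.example IN ANY +E (10.0.0.53)
06-Oct-2014 11:23:28.146 client 192.0.2.17#49643: query (cache) 'junk-name.example/ANY/IN' denied
06-Oct-2014 11:23:28.146 client 192.0.2.17#49643: drop REFUSED response to 192.0.2.0/24
06-Oct-2014 11:23:28.201 client 198.51.100.9#1029: query: junk-name.example IN ANY +E (10.0.0.53)
06-Oct-2014 11:23:28.245 client 198.51.100.200#5353: query: JUNK-NAME.example. IN ANY +E (10.0.0.53)
06-Oct-2014 11:23:28.310 client 203.0.113.77#40112: query: junk-name.example IN ANY +E (10.0.0.53)
06-Oct-2014 11:23:29.002 client 192.0.2.44#53211: query: www.served.example IN A + (10.0.0.53)
06-Oct-2014 11:23:29.120 client 203.0.113.5#6001: query: served.example IN ANY +E (10.0.0.53)
"""

def source_net(ip):
    """Collapse a client address to its /24 (IPv4) or /56 (IPv6) network."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_network(f"{addr}/{24 if addr.version == 4 else 56}", strict=False)

def summarize(log_text):
    """Map (qname, qtype) -> {'queries': count, 'nets': source networks}."""
    stats = defaultdict(lambda: {"queries": 0, "nets": set()})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:  # 'denied' and 'drop REFUSED' lines are not new queries
            continue
        key = (m["qname"].rstrip(".").lower(), m["qtype"].upper())
        stats[key]["queries"] += 1
        stats[key]["nets"].add(source_net(m["ip"]))
    return stats

def suspects(log_text, served_zones, min_nets=3):
    """ANY queries for names outside served_zones, seen from >= min_nets networks."""
    zones = [z.rstrip(".").lower() for z in served_zones]
    hosted = lambda q: any(q == z or q.endswith("." + z) for z in zones)
    return sorted((qname, s["queries"], len(s["nets"]))
                  for (qname, qtype), s in summarize(log_text).items()
                  if qtype == "ANY" and not hosted(qname) and len(s["nets"]) >= min_nets)

if __name__ == "__main__":
    for qname, n, nets in suspects(SAMPLE_LOG, ["served.example"]):
        print(f"{qname}: {n} ANY queries from {nets} source networks")
```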