ISC reader Zach reports that his company currently sees about 4Gbps of DNS requests beyond what is "normal", and all seem to originate from 91.216.194.0/24. Yup, someone on that IP range in Poland is likely having a "slow network day".
To make it less likely that your DNS servers unwittingly participate in a denial of service attack against someone else, consider using rate-limiting. If you are not running a massively popular eCommerce site, odds are your bandwidth and the load limit of your DNS server are way way beyond what you actually need.
The easiest way to rate-limit (if you use Linux) is to put an iptables rule on port 53 that controls how many packets per source IP address will be accepted per minute. BIND, one of the most popular DNS servers, introduced a response rate-limiting option in version 9.10 that lets you define how many responses per second the server will provide before it punts. Both are good ideas if you run an authoritative DNS server that has way more bandwidth and muscle than your actual usage requires.
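As an added example (not part of the ISC diary), the script below generates both mitigations described above: an iptables chain that uses the `hashlimit` match to cap inbound DNS packets per source IP (with an optional source mask, so a whole /24 like the one in the report can share one bucket), and a BIND 9.10+ `rate-limit` stanza. The interface name, the per-source rate and burst, and the RRL thresholds are assumed values for illustration; the script prints the rules so they can be reviewed before running them with the `apply` argument as root.

```shell
#!/bin/sh
# Added example: emit iptables per-source-IP rate limiting for port 53 and a
# BIND response-rate-limit (RRL) config stanza. All thresholds are assumptions.

DNS_IF="${DNS_IF:-eth0}"                  # assumed internet-facing interface
PER_SRC_RATE="${PER_SRC_RATE:-300/minute}" # assumed sustained packets per source
PER_SRC_BURST="${PER_SRC_BURST:-50}"       # assumed burst allowance per source
SRC_MASK="${SRC_MASK:-32}"                 # 32 = one bucket per IP; 24 = per /24

# Print the iptables commands for one transport (udp or tcp). Packets from a
# source that exceeds PER_SRC_RATE are dropped instead of reaching the resolver,
# so a spoofed victim address cannot be used to coax an unbounded reply stream.
dns_ratelimit_rules() {
    proto="$1"
    cat <<EOF
iptables -N DNS_LIMIT_$proto
iptables -A INPUT -i $DNS_IF -p $proto --dport 53 -j DNS_LIMIT_$proto
iptables -A DNS_LIMIT_$proto -m hashlimit --hashlimit-name dns_$proto --hashlimit-mode srcip --hashlimit-srcmask $SRC_MASK --hashlimit-upto $PER_SRC_RATE --hashlimit-burst $PER_SRC_BURST -j ACCEPT
iptables -A DNS_LIMIT_$proto -j DROP
EOF
}

# Print a BIND 9.10+ options block enabling RRL. responses-per-second caps
# identical answers to one client (or /24 by default); slip 2 answers every
# second excess query with a truncated reply so real clients retry over TCP.
# Start with log-only yes to observe what would be limited before enforcing.
bind_rrl_stanza() {
    cat <<EOF
options {
    rate-limit {
        responses-per-second 10;
        nxdomains-per-second 5;
        errors-per-second 5;
        window 5;
        slip 2;
        log-only no;
    };
};
EOF
}

# Apply the firewall rules for both transports (requires root).
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: run as root" >&2; return 1; }
    dns_ratelimit_rules udp | sh -e
    dns_ratelimit_rules tcp | sh -e
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  dns_ratelimit_rules udp; dns_ratelimit_rules tcp; bind_rrl_stanza ;;
esac
```

Run `sh dns-ratelimit.sh show` to print the rules and stanza for review, and `sudo sh dns-ratelimit.sh apply` to install the firewall rules; the BIND stanza is merged into named.conf by hand. Note that the iptables rule counts queries from each source, which is what limits a reflection attack where the "source" is the spoofed victim, while BIND RRL acts on responses and can distinguish repeated identical answers from legitimate varied traffic.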