What are these entries in the log file - " query: . IN NS +"?
Noel Butler
noel.butler at ausics.net
Mon Jan 26 23:48:43 UTC 2009
Hi Tony,
On Tue, 2009-01-27 at 09:35, Tony Toews [MVP] wrote:
> Noel Butler <noel.butler at ausics.net> wrote:
>
> >This is not your config, so long as you are not answering thats fine.
>
> How do I know I'm not answering those?
>
Since your on win, I can't help you, but whatever your packet monitor
is, see if you are replying to their requests, even with a REFUSED
response.
> >It's a forged request asking you to participate in a DDoS thats been
> >going on since last Wedensday,
> >it's best if you firewall off your replies to those IP's so you don't
> >participate in harming the innocent victims.
>
> I doubt the current firewall, the one built into Windows 2003 Server, is capable of
> blocking specific IP addresses but I'll check.
>
In that case maybe on your router? Apply a inbound request from them on
port 53 udp only, that way you wont affect real traffic (hopefully)
it does seemed to have died off dramatically here now.
Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090127/c8e03cd7/attachment.html>
More information about the bind-users
mailing list