outgoing-traffic
Abdul Khader
akhader at ies.etisalat.ae
Wed Jul 27 16:00:19 UTC 2016
Ejaz
As per the trace file, QPS is around 1,158. Not sure what the specs
of your server are, but it is very low compared to other ISPs.
You need to rate-limit the following IPs to around 20 QPS. All of these
IPs are sending ANY queries for cpsc.gov. This is an amplification attack.
212.118.122.99/100/101
How you want to apply the rate limit is up to you. You can ask your security
to do it or you can do it using iptables on the server.
I feel almost all Red Hat servers will have iptables installed by default.
Regards
Abdul Khader
On 7/27/2016 6:15 PM, Ejaz wrote:
>> Denying the request isn't going to solve anything in this case, they are still going to repeatedly ask for it and the traffic has already hit your system before ANY queries would be denied.
> Agreed, but at least it minimizes the problem, as if the request is 50 bytes then the response is also 50 bytes, not more than that??
>
>
> Ejaz
>
> -----Original Message-----
> From: S Carr [mailto:sjcarr at gmail.com]
> Sent: Wednesday, July 27, 2016 4:58 PM
> To: Ejaz <mejaz at cyberia.net.sa>
> Cc: bind-users <bind-users at lists.isc.org>
> Subject: Re: outgoing-traffic
>
> On 27 July 2016 at 14:44, Ejaz <mejaz at cyberia.net.sa> wrote:
>> Such as, if someone is sending ANY request , by default it should be denied when users requests for it..
> Denying the request isn't going to solve anything in this case, they are still going to repeatedly ask for it and the traffic has already hit your system before ANY queries would be denied.
>
>
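The triage described in this thread (find the sources sending ANY queries above roughly 20 QPS, then rate-limit them with iptables) can be sketched as below. This is an added example, not code from any poster or from BIND; the query-log layout, the function names, the `dnsany` hashlimit name and the 192.0.2.x / 198.51.100.53 addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed BIND query-log layout (constructed; real logs vary by version), e.g.
# 27-Jul-2016 16:00:19.101 client 192.0.2.99#4444 (cpsc.gov): query: cpsc.gov IN ANY +E (198.51.100.53)
LINE_RE = re.compile(
    r"^(?P<day>\S+) (?P<sec>\d\d:\d\d:\d\d)\.\d+ client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def any_offenders(lines, limit_qps=20):
    """Return {source_ip: peak ANY queries seen in one second} for sources over limit_qps."""
    per_second = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("qtype") == "ANY":
            per_second[m.group("ip")][(m.group("day"), m.group("sec"))] += 1
    peaks = {ip: max(counts.values()) for ip, counts in per_second.items()}
    return {ip: peak for ip, peak in peaks.items() if peak > limit_qps}

def hashlimit_rules(offenders, limit_qps=20):
    """Build (not run) one iptables rule per offender.

    Each rule drops UDP/53 packets from that source above limit_qps;
    it limits all DNS queries from the source, not only ANY queries.
    """
    return [
        f"iptables -A INPUT -p udp --dport 53 -s {ip} -m hashlimit "
        f"--hashlimit-name dnsany --hashlimit-mode srcip "
        f"--hashlimit-above {limit_qps}/second -j DROP"
        for ip in sorted(offenders)
    ]

def sample_log():
    """Constructed log: one noisy ANY source (30/s), one quiet ANY source, one normal client."""
    tail = "(198.51.100.53)"
    lines = [f"27-Jul-2016 16:00:19.{i:03d} client 192.0.2.99#{40000 + i} "
             f"(cpsc.gov): query: cpsc.gov IN ANY +E {tail}" for i in range(30)]
    lines += [f"27-Jul-2016 16:00:19.{i:03d} client 192.0.2.7#{50000 + i} "
              f"(cpsc.gov): query: cpsc.gov IN ANY + {tail}" for i in range(5)]
    lines += [f"27-Jul-2016 16:00:19.{i:03d} client 192.0.2.8#{51000 + i} "
              f"(example.com): query: example.com IN A + {tail}" for i in range(40)]
    return lines

if __name__ == "__main__":
    found = any_offenders(sample_log())
    print(found)
    print("\n".join(hashlimit_rules(found)))
```

The rules are only printed so they can be reviewed before anyone applies them on the server.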