How do I randomize the DNS source port number?

Simon Waters Simon at wretched.demon.co.uk
Sat Jul 27 16:49:15 UTC 2002


phil-news-nospam at ipal.net wrote:
> 
> |> I think someone is doing a poison cache DoS on my server.

> | Cache poisoning isn't a DoS attack. You have to spoof a lot of
> | packets so it could look like one.

> Sure it is. 

What I mean is that it isn't specifically about DoS. Sure, you
can use it for DoS, but it is a damn difficult way to DoS a mail
server compared to say sending it lots of mail, or tricking
other people into sending it lots of mail.

An attacker taking that approach to DoS would have to be both
clever, and keen on doing things the hard way.... 

If your RBL response was wildcarded, it would seem odd it wasn't
100% of mail being rejected, no?

Probably worth dumping the db with rndc before flushing if it
happens again, then at least you have a sporting chance of
spotting if it is data in the cache causing the problem, or
perhaps some other problem.
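
The check suggested above, as an added example that is not part of the original post: a helper that lists the A records cached under one DNSBL zone in a dump taken with `rndc dumpdb -cache` before running `rndc flush`. The zone `rbl.example`, the function names and the simplified dump layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: show what the cache holds for one DNSBL zone.
# Take the dump first (rndc dumpdb -cache), inspect it, then rndc flush.

# Constructed, simplified cache dump; rbl.example is a placeholder zone.
sample_dump() {
    printf '; constructed sample\n$DATE 20020727164915\n; answer\n'
    printf '2.0.0.127.rbl.example.\t300\tIN A\t127.0.0.2\n; answer\n'
    printf '7.113.0.203.rbl.example.\t300\tIN A\t127.0.0.2\n'
    printf '\t\t\t300\tIN TXT\t"listed"\n; answer\n'
    printf '9.2.0.192.RBL.example.\t300\tA\t127.0.0.2\n; answer\n'
    printf 'mail.example.org.\t3600\tIN A\t192.0.2.25\n'
}

# rbl_cache_summary DUMPFILE ZONE   (DUMPFILE may be "-" for stdin)
# Prints "record <owner> <addr>" per cached A record below ZONE, then
# "answer <addr> <count>" per distinct address. Every looked-up name
# returning the same answer is what a wildcarded zone would look like.
rbl_cache_summary() {
    awk -v zone="$2" '
    BEGIN {
        zone = tolower(zone)
        if (zone !~ /\.$/) zone = zone "."
        suffix = "." zone
    }
    /^[ \t]*(;|\$|$)/ { next }      # comments, $DATE/$ORIGIN, blank lines
    {
        first = 1
        # A line starting with whitespace reuses the previous owner name.
        if ($0 !~ /^[ \t]/) { owner = tolower($1); first = 2 }
        n = length(owner) - length(suffix)
        if (n < 1 || substr(owner, n + 1) != suffix) next
        # Class (IN) is optional, so search for the type field.
        for (i = first; i < NF; i++)
            if ($i == "A") {
                seen[$(i + 1)]++
                print "record " owner " " $(i + 1)
                break
            }
    }
    END { for (a in seen) print "answer " a " " seen[a] }' "$1"
}

sample_dump | rbl_cache_summary - rbl.example
```

On a real server, pass the path of the dump file named writes instead of `-`.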

