rate-limit and Facebook IP's
Reindl Harald
h.reindl at thelounge.net
Tue Jul 1 15:34:38 UTC 2014
Am 01.07.2014 17:27, schrieb Carl Byington:
> On Tue, 2014-07-01 at 16:45 +0200, Reindl Harald wrote:
>> 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to
>> 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b)
>
> I also see the rate limiting kicking in for facebook ranges. I should
> setup a tcpdump filter to log all the queries from those ranges.
>
> 31.13.99.0/24
> 69.171.248.0/24
> 173.252.74.0/24
> 173.252.77.0/24
> 173.252.102.0/24
> 173.252.113.0/24
feedback appreciated
for a amplification attack that's too few and unlikely someone
asks for NS/A records instead ANY - my only explaination is
that facebook tries to find servers which are vulerable to
amplification attacks and not rate-limiting
as i started with RRL those hits leaded to raise my limits and
if i am right their "tests" make things worser, god knows how
many admins raise their limits because that noise and making
things worser than needed :-(
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140701/2c51f1ef/attachment.bin>
More information about the bind-users
mailing list