[57067] in North American Network Operators' Group


Re: DNS dDos Attack!

daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Fri Mar 28 09:39:26 2003

Date: Fri, 28 Mar 2003 14:39:02 +0000 (GMT)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Dan Armstrong <dan@beanfield.com>
Cc: nanog@merit.edu
In-Reply-To: <3E845A24.669C0188@beanfield.com>
Errors-To: owner-nanog-outgoing@merit.edu


Personally I'd blackhole the traffic at the entry point and work on finding the 
origin.

Assuming it's only one of your name servers, you can run with one dead...


On Fri, 28 Mar 2003, Dan Armstrong wrote:

> 
> I am sorry if this has come up before, but it seems that one of our name
> servers is under some sort of dDos attack.  It seems to be receiving
> millions of queries from spoofed IPs, and it is spending all of its
> time sending back icmp unreachables.
> 
> It is running bind 4.31 under BSD 4.62STABLE
> 
> Help!
> 
> Thanks,
> Dan.
> 
> 

