[Unbound-users] Unbound DDoS / reflexion attack counter-measure ?
Daisuke HIGASHI
daisuke.higashi at gmail.com
Sat May 31 01:39:42 UTC 2014
Hi,
A countermeasure would be just blackholing "sidear.cn".
# queries for sidear.cn is just dropped and generates no answer.
local-zone: "sidear.cn" deny
- or -
# queries for sidear.cn returns REFUSED
local-zone: "sidear.cn" refuse
------
Next (current) terget is yahoo.com ?
$ dig @a.dns.cn sidear.cn
;; QUESTION SECTION:
;sidear.cn. IN A
;; AUTHORITY SECTION:
sidear.cn. 86400 IN NS ns2.yahoo.com.
sidear.cn. 86400 IN NS ns1.yahoo.com.
--
Daisuke HIGASHI
More information about the Unbound-users
mailing list