[Unbound-users] Unbound DDoS / reflexion attack counter-measure ?
Daisuke HIGASHI
daisuke.higashi at gmail.com
Sat May 31 01:58:05 UTC 2014
And increasing these params would mitigate this kind of attacks:
num-queries-per-thread
outgoing-range
so-rcvbuf
so-sndbuf
"Howto Optimise" document will help.
http://unbound.nlnetlabs.nl/documentation/howto_optimise.html
--
Daisuke HIGASHI
2014-05-31 10:39 GMT+09:00 Daisuke HIGASHI <daisuke.higashi at gmail.com>:
> Hi,
>
> A countermeasure would be just blackholing "sidear.cn".
>
> # queries for sidear.cn is just dropped and generates no answer.
> local-zone: "sidear.cn" deny
>
> - or -
>
> # queries for sidear.cn returns REFUSED
> local-zone: "sidear.cn" refuse
>
> ------
>
> Next (current) terget is yahoo.com ?
>
> $ dig @a.dns.cn sidear.cn
>
> ;; QUESTION SECTION:
> ;sidear.cn. IN A
>
> ;; AUTHORITY SECTION:
> sidear.cn. 86400 IN NS ns2.yahoo.com.
> sidear.cn. 86400 IN NS ns1.yahoo.com.
>
> --
> Daisuke HIGASHI
More information about the Unbound-users
mailing list