[Unbound-users] Random subdomain flood query
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Mar 31 11:37:22 UTC 2015

On Tue, Mar 31, 2015 at 06:09:50PM +0700, battossai <battossai at gmail.com> wrote a message of 72 lines which said:

> Here is sample log of mine :
>
> *Mar 31 17:56:47 ns1 unbound: [7679:1] info: 49.128.xxx.xxx
> cdexevevyp.www.136.xxx. A IN*

If using Linux, this Netfilter rule is very useful:

    iptables -A INPUT --in-interface eth0 -p udp --dport 53 -m string \
        --algo bm --hex-string '|03313336 03787878|' \
        --jump DROP

(where 03313336 03787878 = 136.xxx)
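
The hex string in the rule above is the domain in DNS wire format, with each label preceded by a one-byte length. As an added example (not part of the original message), this shell helper builds that string for any suffix and prints the corresponding rule; the function names dns_hex_string and drop_rule are made up for illustration.

```sh
#!/bin/sh
# Added example: build the --hex-string value for a DNS name suffix.
# Function names are hypothetical; the rule layout follows the message above.

# Encode a name as length-prefixed labels in hex, as it appears inside a
# DNS query packet. The body runs in a subshell so IFS and globbing
# changes do not leak into the caller.
dns_hex_string() (
    name=${1%.}                     # a trailing root dot adds no label
    [ -n "$name" ] || { echo "empty name" >&2; exit 1; }
    out=
    IFS=.
    set -f                          # do not glob labels such as "*"
    for label in $name; do
        hex=$(printf '%s' "$label" | od -An -v -tx1 | tr -d ' \n')
        len=$(( ${#hex} / 2 ))      # byte length of the label
        if [ "$len" -lt 1 ] || [ "$len" -gt 63 ]; then
            echo "invalid label in: $1" >&2
            exit 1
        fi
        out="$out${out:+ }$(printf '%02x' "$len")$hex"
    done
    printf '|%s|\n' "$out"
)

# Print (do not run) the Netfilter rule for an interface and a suffix.
drop_rule() {
    hex=$(dns_hex_string "$2") || return 1
    printf "iptables -A INPUT --in-interface %s -p udp --dport 53 -m string --algo bm --hex-string '%s' --jump DROP\n" "$1" "$hex"
}

# The suffix from the log sample above (already redacted on the list).
drop_rule eth0 136.xxx
```

The string match is byte-exact and applies to the whole UDP payload, so a query that spells the name with different letter case is not matched, and any packet to port 53 containing the same bytes is dropped.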