Preventing DDoS amplification open resolver attacks


DDoS attack via an open DNS resolver:

An open DNS resolver answers recursive queries from any network, not just your own. This means anyone can use your server to resolve host names, and an attacker can use it to attack a third party: they send queries with the victim's address forged as the source, so your server's replies, which are much larger than the queries, are delivered to the victim instead of back to the attacker. At the same time this consumes your server's bandwidth, CPU and memory, making it slow or even crashing it.
(The settings suggested below are for a BIND server.)

Disable open recursion:

If we do not need open recursion on our system we can disable it completely by editing named.conf.

After modifying named.conf, the DNS server must be restarted.

If we do need DNS recursion we can specify the IPs allowed to recurse, so that only those IPs can make recursive queries.

After modifying named.conf, restart the BIND server.

If your name server receives too many requests, the log file grows large with entries for denied requests. This slows the server down, so to stop denied requests from being written to the log
add "category security { null; };" to the logging section of named.conf.
Be aware that this discards every message in the security category, so you also lose the record of who was probing the server; a size-capped, rotating log channel for that category is usually the better trade-off.
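The three steps above (disable recursion, or restrict it to an ACL, and tame the security log) as one named.conf fragment. This is an added example for this page, not a file from the original post or from the BIND project; the "trusted" ACL, the 192.0.2.0/24 network and the file paths are assumptions for illustration, and the rate-limit block goes slightly beyond the post's text as an extra measure BIND 9.9.4 and later provide.

```conf
// Added example (not from the original post): named.conf fragment for a
// BIND 9 server that must not act as an open resolver.
// The "trusted" ACL, 192.0.2.0/24 and the file paths are assumptions.

acl "trusted" {
    127.0.0.1;
    ::1;
    192.0.2.0/24;       // assumed internal network allowed to recurse through us
};

options {
    directory "/var/cache/bind";

    // Weak setting: this is what an open resolver looks like. Anyone who can
    // reach UDP/53 gets recursion and can bounce large answers off this host.
    // recursion yes;
    // allow-recursion { any; };

    // Option 1: authoritative-only server, recursion disabled completely.
    recursion no;

    // Option 2 (use instead of "recursion no"): keep recursion, but only for
    // the addresses in the ACL.
    // recursion yes;
    // allow-recursion { trusted; };

    // Do not hand cached data to strangers either; by default this follows
    // allow-recursion, so set it explicitly when you change that.
    allow-query-cache { trusted; };

    // Optional (BIND 9.9.4+): response rate limiting blunts what an attacker
    // can still amplify through the zones this server answers for.
    rate-limit {
        responses-per-second 10;
        window 5;
    };
};

logging {
    channel security_log {
        file "/var/log/named/security.log" versions 5 size 10m;
        severity info;
        print-time yes;
    };
    // The post's "category security { null; };" silences denials entirely.
    // A rotated, size-capped file keeps disk usage bounded while preserving
    // the evidence of which sources were probing the server.
    category security { security_log; };
};
```

Run named-checkconf before restarting so a syntax error does not take the server down, then restart BIND (or rndc reload). To confirm the change, query the server from a host outside the ACL for a name it is not authoritative for: the reply must not carry the "ra" (recursion available) flag and must not resolve the name; with the settings above it is normally answered with status REFUSED.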


Source: https://anandarajpandey.com/2014/02/10/preventing-ddos-aplification-open-resolver-attack/
