I'll be working on it this morning. Nigel On Oct 12, 2013, at 11:32 PM, Bart Kus wrote:
Hi,
HamWAN has been used as a DNS amplifier in a DDoS attack. I'm tied up with acquiring some chip fab gear the next couple days (yay!). Can I ask you guys with net ops access to go through the whole network and disable DNS service everywhere? Example of problem:
eo@jo ~ $ dig @44.24.240.133 google.com. A +recurse
; <<>> DiG 9.9.2 <<>> @44.24.240.133 google.com. A +recurse ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65363 ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION: ;google.com. IN A
;; ANSWER SECTION: google.com. 300 IN A 173.194.33.70 google.com. 300 IN A 173.194.33.66 google.com. 300 IN A 173.194.33.69 google.com. 300 IN A 173.194.33.65 google.com. 300 IN A 173.194.33.68 google.com. 300 IN A 173.194.33.72 google.com. 300 IN A 173.194.33.73 google.com. 300 IN A 173.194.33.64 google.com. 300 IN A 173.194.33.71 google.com. 300 IN A 173.194.33.67 google.com. 300 IN A 173.194.33.78
;; Query time: 51 msec ;; SERVER: 44.24.240.133#53(44.24.240.133) ;; WHEN: Sat Oct 12 22:56:37 2013 ;; MSG SIZE rcvd: 204
PS: We gotta get some automation up in here for config control.
--Bart
_______________________________________________ PSDR mailing list PSDR@hamwan.org http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org