4 Nov
2010
4 Nov
'10
4:23 a.m.
On Fri, 2010-11-05 at 09:04 +1300, Ian Batterbee wrote:
Looks like a new DDOS out there.. anyone else seeing it ?
I found a DNS nameserver being used to generate traffic recently. It was receiving DNS requests from ip addresses in the same /24 as itself, but the requests were coming from outside the network. Thinking the lookup requests were coming from local addresses, the nameserver was sending traffic to the authoritative nameservers for some domains. So I recommend that the router or firewall in front of any nameserver be set so that it does not accept source addresses belonging to thelocal network from outside of the network. It has been best practice to do so for a long time. Regards, RH.