[HamWAN PSDR] NetOps: Please disable recursive DNS on all routers
Bart Kus
me at bartk.us
Sat Oct 12 23:32:19 PDT 2013
Hi,

HamWAN has been used as a DNS amplifier in a DDoS attack. I'm tied up
with acquiring some chip fab gear the next couple days (yay!). Can I ask
you guys with net ops access to go through the whole network and disable
DNS service everywhere? Example of problem:

eo at jo ~ $ dig @44.24.240.133 google.com. A +recurse
; <<>> DiG 9.9.2 <<>> @44.24.240.133 google.com. A +recurse
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65363
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 173.194.33.70
google.com. 300 IN A 173.194.33.66
google.com. 300 IN A 173.194.33.69
google.com. 300 IN A 173.194.33.65
google.com. 300 IN A 173.194.33.68
google.com. 300 IN A 173.194.33.72
google.com. 300 IN A 173.194.33.73
google.com. 300 IN A 173.194.33.64
google.com. 300 IN A 173.194.33.71
google.com. 300 IN A 173.194.33.67
google.com. 300 IN A 173.194.33.78
;; Query time: 51 msec
;; SERVER: 44.24.240.133#53(44.24.240.133)
;; WHEN: Sat Oct 12 22:56:37 2013
;; MSG SIZE rcvd: 204

PS: We gotta get some automation up in here for config control.

--Bart
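
An added example, not part of the original message or of HamWAN's tooling: a Python check operators could run against routers they manage to confirm recursion is off. It sends the same kind of query as the dig command above and reads the `ra` flag, status and answer count from the reply header, plus the reply/query size ratio. The function names, verdict strings and the constructed sample reply are assumptions made for this example.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # DNS header flag bits


def build_query(name, qid=65363):
    """A/IN query for `name` with RD set, like `dig +recurse`."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify(query, response):
    """Return (verdict, reply/query size ratio) for one reply."""
    if response is None or len(response) < 12:
        return ("no-answer", 0.0)
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return ("invalid", 0.0)
    ratio, rcode = round(len(response) / len(query), 2), flags & 0x000F
    if flags & RA and rcode == 0 and ancount > 0:
        return ("open-recursive", ratio)  # resolved a name it is not authoritative for
    if rcode == 5:
        return ("refused", ratio)
    return ("no-recursion", ratio)


def probe(server, name="google.com", timeout=2.0):
    """Query one router you operate over UDP/53 and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            response, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable: nothing answered
            response = None
    return classify(query, response)


def constructed_reply(query, flags, ancount, size):  # constructed sample, zero-padded body
    return (query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0)).ljust(size, b"\x00")


if __name__ == "__main__":
    q = build_query("google.com")
    print(classify(q, constructed_reply(q, 0x8180, 11, 204)))  # header values as in the dig output
```

A router with DNS service disabled should come back as `no-answer` or `refused`; `open-recursive` means it still resolves for anyone who can reach it.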