Snort rules for isc.org and ripe.net DNS Amplification Attacks

Everything started with a few queries for isc.org through open DNS servers located at our data center. Searching the net, we found that we were not the victims but part of the uncompromised sources of a huge DDoS attack. A 60-byte query will turn into data 50 times larger, directed at the victim's IP […]


Disabling recursive queries in Bind

If you run your own DNS servers, you will probably want to close off recursive queries through your servers. In named.conf, edit the options directive and add:

    options {
        allow-transfer { Secondary Server IP; };
        allow-recursion { 127.0.0.1; A.B.C/24; };
    };

On the secondary server, add to options:

    allow-transfer { none; };
    allow-recursion { 127.0.0.1; A.B.C/24; };

[…]
