akhader at ies.etisalat.ae
Wed Jul 27 16:00:19 UTC 2016
As per the trace file, QPS is around 1,158. Not sure what the specs
of your server are, but it is very low compared to other ISPs.
You need to rate-limit the following IPs to around 20 QPS. All of these
IPs are sending ANY queries for cpsc.gov. This is an amplification attack.
How you want to apply the rate-limit is up to you. You can ask your security
to do it or you can do it using iptables on the server.
I feel almost all Red Hat servers will have iptables installed by default.
On 7/27/2016 6:15 PM, Ejaz wrote:
>> Denying the request isn't going to solve anything in this case, they are still going to repeatedly ask for it and the traffic has already hit your system before ANY queries would be denied.
> Agreed, but at least it minimizes the problem, as if the request is 50 bytes then the response is also 50 bytes, not more than that??
> -----Original Message-----
> From: S Carr [mailto:sjcarr at gmail.com]
> Sent: Wednesday, July 27, 2016 4:58 PM
> To: Ejaz <mejaz at cyberia.net.sa>
> Cc: bind-users <bind-users at lists.isc.org>
> Subject: Re: outgoing-traffic
> On 27 July 2016 at 14:44, Ejaz <mejaz at cyberia.net.sa> wrote:
>> Such as, if someone is sending an ANY request, by default it should be denied when users request it..
> Denying the request isn't going to solve anything in this case, they are still going to repeatedly ask for it and the traffic has already hit your system before ANY queries would be denied.
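Added example (not part of the original message or of BIND): one way to find which clients exceed the 20 QPS figure mentioned above, by counting ANY queries per client per second in a BIND query log. The log line layout is assumed to be the BIND 9 `query:` format, and the sample lines and addresses (documentation ranges) are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed BIND 9 query-log layout, e.g.
# 27-Jul-2016 16:00:19.120 client 192.0.2.10#4444 (cpsc.gov): query: cpsc.gov IN ANY +E (203.0.113.53)
# Newer releases insert "@0x..." after "client"; the pattern tolerates both.
LINE = re.compile(
    r"^(?P<sec>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r".*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def any_query_peaks(lines):
    """Return {client_ip: highest number of ANY queries in any one second}."""
    buckets = defaultdict(Counter)  # ip -> {timestamp truncated to the second: count}
    for line in lines:
        m = LINE.match(line)
        if not m or m["qtype"] != "ANY":
            continue  # unparsable line or a non-ANY query
        buckets[m["ip"]][m["sec"]] += 1
    return {ip: max(per_sec.values()) for ip, per_sec in buckets.items()}


def clients_over_limit(lines, limit_qps=20):
    """Clients whose peak ANY rate exceeds limit_qps (20 is the thread's figure)."""
    peaks = any_query_peaks(lines)
    return sorted(ip for ip, peak in peaks.items() if peak > limit_qps)


def sample_log():
    """Constructed sample: one source flooding ANY queries, one ordinary client."""
    fmt = ("27-Jul-2016 16:00:19.{:03d} client {}#{} ({}): "
           "query: {} IN {} +E (203.0.113.53)")
    flood = [fmt.format(i, "192.0.2.10", 40000 + i, "cpsc.gov", "cpsc.gov", "ANY")
             for i in range(60)]
    normal = [fmt.format(i, "198.51.100.7", 50000 + i, "example.org", "example.org", "A")
              for i in range(5)]
    few_any = [fmt.format(i, "198.51.100.7", 51000 + i, "example.org", "example.org", "ANY")
               for i in range(3)]
    return flood + normal + few_any


if __name__ == "__main__":
    log = sample_log()
    print(any_query_peaks(log))
    print(clients_over_limit(log))
```

The resulting address list is what a per-source rate-limit rule would then be applied to, whether on a firewall or with iptables on the server.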