Advisory Notice for Bind Default Configuration and Reflector Attacks

Jun-ichiro itojun Hagino itojun at itojun.org
Thu Mar 23 13:55:55 UTC 2006


	(i cross-posted to bind9 and bind because i am unsure if they are
	still separate or not)

> The default configuration (open recursive servers) could potentially
> leave your systems vulnerable to being used in malicious attacks.
> We strongly advise you to reconfigure the recursive servers to
> mitigate this risk.

	my home was under the attack.  bad guys sent "MX for msn.com" and stuff.

	even though i restrict recursion, my server returned list of TLD
	servers (13 .com servers, packet size is almost 512 bytes).  so even
	though there is not traffic increse, i see 1 return packet against
	1 attack packet.  is it intentional, or am i using too old code?

itojun


More information about the bind-workers mailing list