Advisory Notice for Bind Default Configuration and Reflector Attacks
Jun-ichiro itojun Hagino
itojun at itojun.org
Thu Mar 23 13:55:55 UTC 2006
(i cross-posted to bind9 and bind because i am unsure if they are
still separate or not)
> The default configuration (open recursive servers) could potentially
> leave your systems vulnerable to being used in malicious attacks.
> We strongly advise you to reconfigure the recursive servers to
> mitigate this risk.
my home was under the attack. bad guys sent "MX for msn.com" and stuff.
even though i restrict recursion, my server returned list of TLD
servers (13 .com servers, packet size is almost 512 bytes). so even
though there is not traffic increse, i see 1 return packet against
1 attack packet. is it intentional, or am i using too old code?
More information about the bind-workers