Maintained by: NLnet Labs

[Unbound-users] Unbound DDoS / reflexion attack counter-measure ?

Daisuke HIGASHI
Sat May 31 03:39:42 CEST 2014


Hi,

A countermeasure would be just blackholing "sidear.cn".

# queries for sidear.cn is just dropped and generates no answer.
local-zone: "sidear.cn" deny

 - or -

# queries for sidear.cn returns REFUSED
local-zone: "sidear.cn" refuse

------

Next (current) terget is yahoo.com ?

$ dig @a.dns.cn sidear.cn

;; QUESTION SECTION:
;sidear.cn.            IN    A

;; AUTHORITY SECTION:
sidear.cn.        86400    IN    NS    ns2.yahoo.com.
sidear.cn.        86400    IN    NS    ns1.yahoo.com.

-- 
 Daisuke HIGASHI