[Unbound-users] Unbound DDoS / reflexion attack counter-measure ?

Daisuke HIGASHI daisuke.higashi at gmail.com
Sat May 31 01:39:42 UTC 2014


Hi,

A countermeasure would be just blackholing "sidear.cn".

# queries for sidear.cn is just dropped and generates no answer.
local-zone: "sidear.cn" deny

 - or -

# queries for sidear.cn returns REFUSED
local-zone: "sidear.cn" refuse

------

Next (current) terget is yahoo.com ?

$ dig @a.dns.cn sidear.cn

;; QUESTION SECTION:
;sidear.cn.            IN    A

;; AUTHORITY SECTION:
sidear.cn.        86400    IN    NS    ns2.yahoo.com.
sidear.cn.        86400    IN    NS    ns1.yahoo.com.

-- 
 Daisuke HIGASHI



More information about the Unbound-users mailing list