Maintained by: NLnet Labs

[Unbound-users] Unbound DDoS / reflexion attack counter-measure ?

Daisuke HIGASHI
Sat May 31 03:58:05 CEST 2014


And increasing these params would mitigate this kind of attack:

num-queries-per-thread
outgoing-range
so-rcvbuf
so-sndbuf

The "Howto Optimise" document will help.
http://unbound.nlnetlabs.nl/documentation/howto_optimise.html

--
 Daisuke HIGASHI

2014-05-31 10:39 GMT+09:00 Daisuke HIGASHI <daisuke.higashi at gmail.com>:
> Hi,
>
> A countermeasure would be just blackholing "sidear.cn".
>
> # queries for sidear.cn are just dropped and generate no answer.
> local-zone: "sidear.cn" deny
>
>  - or -
>
> # queries for sidear.cn return REFUSED
> local-zone: "sidear.cn" refuse
>
> ------
>
> Next (current) target is yahoo.com ?
>
> $ dig @a.dns.cn sidear.cn
>
> ;; QUESTION SECTION:
> ;sidear.cn.            IN    A
>
> ;; AUTHORITY SECTION:
> sidear.cn.        86400    IN    NS    ns2.yahoo.com.
> sidear.cn.        86400    IN    NS    ns1.yahoo.com.
>
> --
>  Daisuke HIGASHI
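
An added example, not part of the original post or of Unbound itself: a small script that counts logged queries per parent zone and prints `local-zone` lines like the ones above for zones over a threshold. It assumes query lines in the shape Unbound writes with `log-queries: yes`; the sample log, the threshold and the two-label zone cut are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample, in the shape Unbound logs with "log-queries: yes".
SAMPLE_LOG = """\
[1401501485] unbound[2217:0] info: 192.0.2.10 a1.sidear.cn. A IN
[1401501485] unbound[2217:0] info: 192.0.2.11 b2.sidear.cn. A IN
[1401501485] unbound[2217:1] info: 192.0.2.12 sidear.cn. A IN
[1401501486] unbound[2217:0] info: 192.0.2.10 c3.sidear.cn. A IN
[1401501486] unbound[2217:1] info: 198.51.100.7 www.example.org. AAAA IN
[1401501486] unbound[2217:0] notice: some unrelated log line
[1401501487] unbound[2217:0] info: 198.51.100.7 example.org. A IN
"""

QUERY_RE = re.compile(r"info: \S+ (\S+) [A-Z0-9]+ IN$")
SAFE_ZONE_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def parent_zone(qname, labels=2):
    """Last `labels` labels of qname (assumption: no public-suffix handling)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def count_by_zone(log_text):
    """Count logged queries per parent zone, ignoring non-query lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line.rstrip())
        if m:
            counts[parent_zone(m.group(1))] += 1
    return counts


def local_zone_lines(counts, threshold, action="refuse"):
    """Emit local-zone lines for zones with at least `threshold` queries."""
    if action not in ("deny", "refuse"):
        raise ValueError("action must be 'deny' or 'refuse'")
    # Names come from client-supplied queries: only plain multi-label
    # hostnames are written into config, never a bare TLD or the root.
    return ['local-zone: "%s" %s' % (zone, action)
            for zone, n in sorted(counts.items())
            if n >= threshold and SAFE_ZONE_RE.match(zone)]


if __name__ == "__main__":
    for line in local_zone_lines(count_by_zone(SAMPLE_LOG), threshold=3):
        print(line)
```

Review the output before adding it to `unbound.conf`: a `deny` or `refuse` zone also blocks legitimate lookups for that name.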