[Unbound-users] a mitigation against random subdomain attack
Maciej Soltysiak
maciej at soltysiak.com
Tue Mar 24 10:57:54 UTC 2015
Hi Daisuke,
On Sun, Mar 22, 2015 at 1:31 PM, Daisuke HIGASHI <daisuke.higashi at gmail.com>
wrote:
> Hi,
>
> I have implemented a mitigation against the random subdomain DoS attack (or
> sometimes referred to as water torture attack) for Unbound utilizing
> a bloomfilter.
>
> https://github.com/hdais/unbound-bloomfilter
>
> It learns qnames which resulted in noerror using a bloomfilter in peace
> time. When a domain is set to be bloomfiltered (manually or
> automatically) it accepts only qnames to be noerror for the domain.
>
> This effectively refuses only bad random queries whose result would be
> nxdomain while keeping the domain resolvable.
>
This is interesting; can you help me understand where the 9.6 bits
come from?
Also, what would a false positive here be?
A random query that was allowed or a legitimate query that was refused?
> Regards,
> --
> Daisuke HIGASHI
>
Maciej
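
The learn-then-filter scheme described in the quoted post, as an added sketch that is not part of this thread and is not code from unbound-bloomfilter. It also evaluates the standard Bloom filter sizing formula, which gives about 9.6 bits per stored name at a 1% false-positive rate. Assumptions: the 1% target, the SHA-256 double hashing, and all class and function names are chosen for illustration.

```python
import hashlib
import math

def bits_per_element(p):
    # Standard optimal Bloom filter sizing: m/n = -ln(p) / (ln 2)^2
    return -math.log(p) / (math.log(2) ** 2)

class QnameBloom:
    def __init__(self, capacity, fp_rate=0.01):  # 1% target is an assumption
        self.m = math.ceil(capacity * bits_per_element(fp_rate))  # total bits
        self.k = max(1, round(self.m / capacity * math.log(2)))   # hash count
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, qname):
        # DNS names compare case-insensitively; drop the trailing root dot.
        d = hashlib.sha256(qname.rstrip(".").lower().encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def learn(self, qname):
        # Called in peacetime for every qname that resolved with NOERROR.
        for pos in self._positions(qname):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def seen(self, qname):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(qname))

def decide(bloom, filtered_zones, qname):
    # Only zones switched to filtered mode are restricted to learned names.
    name = qname.rstrip(".").lower()
    in_zone = any(name == z or name.endswith("." + z) for z in filtered_zones)
    return "refuse" if in_zone and not bloom.seen(name) else "resolve"

def demo():
    # Constructed data: 1000 learned names, then 20000 never-seen labels.
    bloom = QnameBloom(capacity=1000)
    for i in range(1000):
        bloom.learn(f"host{i}.example.com")
    zones = {"example.com"}
    passed = sum(decide(bloom, zones, f"x{i:06x}.example.com") == "resolve"
                 for i in range(20000))
    return bloom, zones, passed / 20000

if __name__ == "__main__":
    bloom, zones, fp = demo()
    print(f"{bits_per_element(0.01):.1f} bits/name, k={bloom.k}, "
          f"unseen names let through: {fp:.2%}")
```

In this sketch a Bloom filter error can only go one way: a never-learned name is occasionally let through to resolution, while a learned name is never refused.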