Maintained by: NLnet Labs

[Unbound-users] Random subdomain flood query

battossai
Tue Mar 31 13:47:28 CEST 2015


Hi,


The problem is that is just one domain that i share, the domain also change
for several time.
But i will try it, thank you in advanced.


Regards,
Franky Yu



On Tue, Mar 31, 2015 at 6:37 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr>
wrote:

> On Tue, Mar 31, 2015 at 06:09:50PM +0700,
>  battossai <battossai at gmail.com> wrote
>  a message of 72 lines which said:
>
> > Here is sample log of mine :
> >
> > *Mar 31 17:56:47 ns1 unbound: [7679:1] info: 49.128.xxx.xxx
> > cdexevevyp.www.136.xxx. A IN*
>
> If using Linux, this Netfilter rule is very useful:
>
> iptables  -A INPUT --in-interface eth0 -p udp --dport 53 -m string \
>     --algo bm --hex-string '|03313336 03787878|' \
>     --jump DROP
>
> (where 03313336 03787878 = 136.xxx)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20150331/b1759f23/attachment.html>