Hi everybody.
I have some more findings from this morning. The attacks are continuing. The root cause is an open resolver, mostly on crappy DSL modems. When you are an ISP this can be fixed only by replacing the modems. Imagine that you have 2.000 such modems in your network... You can cut the IPs off, of course. The problem is that the owner of the modem might have no idea he is an attacker.

This morning I hit the limit of 32768 file descriptors and the server was receiving just 1/3 of all queries - it is part of the farm behind a balancer. About 3.300 qps incoming was amplified to ~ 60.000 qps leaving the server!

The other two servers are running unbound. For some reason unbound is not suffering from this type of DDoS. It is using the so-called "jostle-timeout" http://www.unbound.net/documentation/unbound.conf.html. It would be nice if PowerDNS implemented a similar smart mechanism which can face this.

Regards
Ales

On Sun, 9 Feb 2014 17:33:05 +0200, Vlad wrote:
> I have a similar problem... Several thousand requests from two of our
> /20 networks..., from our clients, about 50 IPs.
> The list of domains (with auto-generated subdomains): betboy.cc,
> 365ddos.cn, dytt8.net, pddos.com, sheshows.com, cp375.com, sdjlh.com,
> asxkmy.com, ytwtoys.com, jimdo.com, ftes.info, gx911.com... At this
> moment :-)
> I also filter them using iptables ... Other options I do not see.
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
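Added example, not part of the original thread or of PowerDNS: one way to spot the "auto-generated subdomains" pattern described above in a resolver query log, so the sending clients can be identified for filtering. The `client_ip qname` log format, the thresholds, the function names and the sample domains and addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample; the "client_ip qname" line format is an assumption.
SAMPLE_LOG = [
    "192.0.2.10 kqzvwx.victim.example", "192.0.2.10 plmrtd.victim.example",
    "192.0.2.11 zzhgqa.victim.example", "192.0.2.10 bnxcew.victim.example",
    "192.0.2.11 ytrwoi.victim.example", "192.0.2.10 mvkdsj.victim.example",
    "192.0.2.20 www.normal.example", "192.0.2.21 www.normal.example",
    "192.0.2.20 mail.normal.example", "192.0.2.22 www.normal.example",
    "192.0.2.21 mail.normal.example", "192.0.2.20 www.normal.example",
]


def base_domain(qname, labels=2):
    """Naive zone guess: the last `labels` labels (no public suffix list)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def find_random_subdomain_floods(lines, min_queries=5, min_unique_ratio=0.9):
    """Return {base domain: sorted client IPs} for domains where nearly every
    query asks for a different name, i.e. each one misses the cache and forces
    an outgoing query from the resolver."""
    names = defaultdict(list)   # base domain -> every qname seen
    clients = defaultdict(set)  # base domain -> clients asking for it
    for line in lines:
        fields = line.split()
        if len(fields) != 2:
            continue  # skip malformed lines
        client, qname = fields
        base = base_domain(qname)
        names[base].append(qname.rstrip(".").lower())
        clients[base].add(client)

    flagged = {}
    for base, seen in names.items():
        if len(seen) < min_queries:
            continue  # too little traffic to judge
        if len(set(seen)) / len(seen) >= min_unique_ratio:
            flagged[base] = sorted(clients[base])
    return flagged


if __name__ == "__main__":
    for domain, ips in find_random_subdomain_floods(SAMPLE_LOG).items():
        print(domain, "queried with unique names by", ", ".join(ips))
```

The thresholds here are sized for the tiny sample; on real traffic they need to be much higher, since a quiet legitimate domain can also show only distinct names over a short window.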