Thursday, January 05, 2012
An annoying attack, Part II
I'm also seriously tempted to write a program to send back a nice, custom response to these, in the hopes that the program actually cares about the response.
An annoying attack - The Boston Diaries - Captain Napalm
Yeah, about that …
I've done a bit more research and apparently my server is part of a DNS amplification attack, where some machine (or machines) somewhere on the Internet is sending my server (along with possibly other DNS servers) a forged DNS request, in the hopes that my DNS server will do the requested DNS lookup and return the result (in this case, any DNS record for isc.org, which is known for returning rather large DNS responses) in the hopes of denying service to the forged IP address.
And even though my server won't do the actual DNS request, it still returns a packet saying as much, so even though my server is not sending a large packet, it is returning a packet, and thus participating in the DDoS attack, however little.
So even if I did send back a bogus response, it wouldn't be directed at the guilty party.
Sigh.
So I guess the thing to do is just filter those requests at the firewall.
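As an added illustration (not code from this post or from the server it describes), the Python below models the filtering decision: it parses an incoming query, shows that a refusal is still a reply of the same size as the query, and returns `drop` for any name outside the zones the server actually serves. The function names, the `example.net` zone, the sample packets, and the assumption that the refusal is a REFUSED reply echoing the question are all constructed for the example.

```python
import struct

QTYPE_ANY = 255      # QTYPE "*" (ANY) from RFC 1035
RCODE_REFUSED = 5

def build_query(qname, qtype, txid=0x1234):
    """Constructed sample input: a minimal one-question DNS query."""
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + name + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_question(pkt):
    """Return (qname, qtype) for a well-formed query, else None."""
    if len(pkt) < 12:
        return None
    _, flags, qdcount = struct.unpack("!3H", pkt[:6])
    if flags & 0x8000 or qdcount != 1:          # QR set means it is a response
        return None
    pos, labels = 12, []
    while pos < len(pkt) and pkt[pos] != 0:
        n = pkt[pos]
        if n > 63 or pos + 1 + n > len(pkt):    # compression pointer or truncated label
            return None
        labels.append(pkt[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    if pos + 5 > len(pkt):                      # root byte plus QTYPE and QCLASS
        return None
    qtype = struct.unpack("!H", pkt[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype

def refused_reply(pkt):
    """What a refusing server still sends back: a header plus the echoed question."""
    txid, flags = struct.unpack("!2H", pkt[:4])
    flags = 0x8000 | (flags & 0x0100) | RCODE_REFUSED   # QR=1, keep RD, RCODE=5
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + pkt[12:]

def verdict(pkt, served_zones):
    """'answer' for names in our zones; otherwise 'drop', meaning send nothing back."""
    q = parse_question(pkt)
    if q is None:
        return "drop"
    qname, _ = q
    ok = any(qname == z or qname.endswith("." + z) for z in served_zones)
    return "answer" if ok else "drop"

ZONES = ["example.net"]                           # assumed zone list for this example
reflected = build_query("isc.org", QTYPE_ANY)     # the query pattern described above
own = build_query("www.example.net", 1)           # an ordinary A query for a served name
```

The refusal is exactly as long as the query, so a server that refuses gives no amplification but still reflects one packet per forged request; only `drop` sends nothing toward the forged address.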