Thursday, January 05, 2012
An annoying attack, Part II
I'm also seriously tempted to write a program to send back a nice, custom response to these, in the hopes that the program actually cares about the response.
Yeah, about that …
I've done a bit more research and apparently my server is part of a DNS amplification attack, where some machine (or machines) somewhere on the Internet is sending my server (along with possibly other DNS servers) a forged DNS request, in the hopes that my DNS server will do the requested DNS lookup and send the result (in this case, any DNS record for isc.org, which is known for returning rather large DNS responses) to the forged source IP, denying service to it.
And even though my server won't do the actual DNS request, it still returns a packet saying as much; so even though my server is not sending a large packet, it is still returning a packet, and thus participating in the DDoS attack, however little.
So even if I did send back a bogus response, it wouldn't be directed at the guilty party.
So I guess the thing to do is just filter those requests at the firewall.
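As an added example, not part of the original post: the isc.org ANY query described above built byte for byte, the REFUSED reply a non-recursing server still sends back (showing that the reply is a full packet even when nothing is looked up), and a small check over constructed BIND-style query-log lines that picks out which logged sources are being hit with those queries. The log lines, addresses and threshold are assumptions; the logged source is the forged victim, not the attacker.

```python
import re
import struct
from collections import Counter

def build_query(qname: str, qtype: int = 255, txid: int = 0x1234) -> bytes:
    """Build the minimal DNS query as it arrives on UDP/53; QTYPE 255 is ANY."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(label)]) + label.encode()
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN

def refused_response(query: bytes) -> bytes:
    """What a server that will not recurse still sends: the question echoed back with RCODE 5 (REFUSED)."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    flags = 0x8000 | (flags & 0x0100) | 5  # QR=1, keep the RD bit, RCODE=REFUSED
    return struct.pack("!HHHHHH", txid, flags, qdcount, 0, 0, 0) + query[12:]

def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes delivered to the spoofed address per byte the attacker had to send."""
    return len(response) / len(query)

# Constructed BIND-style query-log lines (assumed format, not the author's real log).
LOG_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")
SAMPLE_LOG = """\
05-Jan-2012 09:00:01.001 client 203.0.113.7#53: query: isc.org IN ANY +
05-Jan-2012 09:00:01.052 client 203.0.113.7#53: query: isc.org IN ANY +
05-Jan-2012 09:00:01.100 client 203.0.113.7#53: query: isc.org IN ANY +
05-Jan-2012 09:00:01.150 client 203.0.113.7#53: query: isc.org IN ANY +
05-Jan-2012 09:00:02.000 client 198.51.100.4#40112: query: www.example.com IN A +
05-Jan-2012 09:00:03.000 client 198.51.100.9#40113: query: isc.org IN ANY +
""".splitlines()

def suspected_reflection(lines, threshold: int = 3) -> dict:
    """Count ANY queries per (logged source, name). Sources at or over the threshold
    are the likely victims whose address was forged, i.e. what a firewall rule should
    shield from our replies, not the party that sent the packets."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m and m.group("qtype") == "ANY":
            counts[(m.group("src"), m.group("qname"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    q = build_query("isc.org")
    r = refused_response(q)
    print(f"query {len(q)} bytes, REFUSED reply {len(r)} bytes, factor {amplification_factor(q, r):.2f}")
    print(suspected_reflection(SAMPLE_LOG))
```

The factor of 1.0 is the point of the post: a REFUSED reply is no amplifier, but it is still one packet per forged request sent to someone who never asked.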