DNS Server Spoofed Request Amplification DDoS - Prevention

Posted by Shackrock on Server Fault See other posts from Server Fault or by Shackrock
Published on 2011-11-10T14:23:04Z Indexed on 2011/11/12 17:53 UTC
Read the original article Hit count: 456

Filed under:

dns

|

centos5

|

ddos

|

whmcpanel

I've been conducting security scans, and a new one popped up for me:

DNS Server Spoofed Request Amplification DDoS

The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.

General Solution: Restrict access to your DNS server from public network or reconfigure it to reject such queries.

I'm hosting my own DNS for my website. I'm not sure what the solution is here... I'm really looking for some concrete detailed steps to patch this, but haven't found any yet. Any ideas?

CentOS5 with WHM and CPanel.

Also see: http://securitytnt.com/dns-amplification-attack/

© Server Fault or respective owner

Related posts about dns

Master/Slave DNS setup vs. rsync'ed DNS servers

as seen on Server Fault - Search for 'Server Fault'
We currently have primary and secondary DNS servers on our corporate network. They are setup in a master/slave type setup, where the slave gets its DNS information from the master. I'm trying to figure out what the real advantage is for the master/slave setup instead of just setting up an automated… >>> More
Updating Windows DNS records from a remote windows DNS server

as seen on Server Fault - Search for 'Server Fault'
Does anyone know if it is possible for a windows 2003 DNS server to update the records for a domain so that it contains all the records of a domain of of a remotely based DNS server? Im almost certain that doesn't quite explain the problem so I shall illustrate with an example: We have two offices… >>> More
OpenVPN DNS: VPN DNS stomping local VPN

as seen on Super User - Search for 'Super User'
I've finally noodled with OpenVPN enough to get it working. Even better, I can mount samba drives, ping network machines through the TUN device, etc - it's all great. However, I'm noticing that if I have the directive: push "dhcp-option DNS 10.0.1.1" # Push our local DNS to clients Then some of… >>> More
Random DNS Client Issue with BIND9/Windows Server 2003 DNS

as seen on Stack Overflow - Search for 'Stack Overflow'
Within our office, we have a local server running DNS, for internal related "domains", (e.g. .internal, .office, .lan, .vpn, etc.). Randomly, only the hosts configured with those extensions will stop resolving on the Windows-based workstations. Sometimes it'll work for a couple weeks without issue… >>> More
DNS Tools - DNS and Few of its Concerning Terms and Tools

as seen on Article City - Search for 'Article City'
A DNS or Domain Name System lets you locate computers on a network or the Internet TCP/IP network by domain name. The DNS server sustains a database of domain names or host names along with their cor... [Author: Daisy Osbaldo - Computers and Internet - April 02, 2010] >>> More

Related posts about centos5

slow network in centos5 VM with centos5 host running KVM

as seen on Server Fault - Search for 'Server Fault'
I setup KVM following the guide here: http://www.cyberciti.biz/faq/centos-rhel-linux-kvm-virtulization-tutorial/ I setup a bridged network and it worked fine except that the transfer speed is 200KB/s instead of the gigabit speed that I get on the host machine by itself. I tried editing the guest… >>> More
slow network in centos5 VM with centos5 host running KVM

as seen on Server Fault - Search for 'Server Fault'
I setup KVM following the guide here: http://www.cyberciti.biz/faq/centos-rhel-linux-kvm-virtulization-tutorial/ I setup a bridged network and it worked fine except that the transfer speed is 200KB/s instead of the gigabit speed that I get on the host machine by itself. I tried editing the guest… >>> More
where is apache folder (path) for centos5

as seen on Stack Overflow - Search for 'Stack Overflow'
hi, i need the apache folder (path) for centos5 >>> More
X11 performance problem after upgrading from Centos3 to Centos5 with an ATI Rage XL

as seen on Server Fault - Search for 'Server Fault'
After upgrading a computer from Centos3 to Centos5 an application that does a lot of scrolling took a very high performance hit. top tells me that X is using a lot of CPU and that was not happening before. The machine has an ATI Rage XL with 8MB and X is using the ati driver as there is no proprietary… >>> More
Enable PDO for PHP5 on CentOS5 where PHP is configured as '--disable-pdo'

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I have been given access to a CentOS5 machine by my client for their new site which uses Zend Framework. phpinfo() states in Configure Command that PDO is disabled ('--disable-pdo'). How can enable it? Do I need to recompile PHP5 to enable it? I have tried adding 'extension=pdo.so' in php.ini… >>> More