[dns-operations] Blocking DNS clients without authentifying them (Was: New subscribers

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Jan 18 08:01:25 UTC 2011


On Sat, Jan 15, 2011 at 02:37:50PM -0700,
 Jeff Taylor <shdwdrgn at sourpuss.net> wrote 
 a message of 33 lines which said:

> I wrote up a very simple BASH script which monitors my bind log and
> adds rules to iptables to block the offender, then removes the IP in
> 10 minutes and waits for a repeat offense. [...] (I can't tell if
> this is coming from spoofed IPs, or a botnet of some sort).

Indeed. There is a huge risk of DoS with your script, I could generate
spoofed DNS/UDP requests sent to you and claiming to come from .COM
name servers and your script would block Verisign...




More information about the dns-operations mailing list