[dns-operations] Blocking DNS clients without authentifying them (Was: New subscribers
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Jan 18 08:01:25 UTC 2011
On Sat, Jan 15, 2011 at 02:37:50PM -0700,
Jeff Taylor <shdwdrgn at sourpuss.net> wrote
a message of 33 lines which said:
> I wrote up a very simple BASH script which monitors my bind log and
> adds rules to iptables to block the offender, then removes the IP in
> 10 minutes and waits for a repeat offense. [...] (I can't tell if
> this is coming from spoofed IPs, or a botnet of some sort).
Indeed. There is a huge risk of DoS with your script, I could generate
spoofed DNS/UDP requests sent to you and claiming to come from .COM
name servers and your script would block Verisign...
More information about the dns-operations
mailing list