[dns-operations] DoS with amplification: yet another funny Unix script
Mathieu Arnold
mat at mat.cc
Wed Sep 12 13:35:52 UTC 2012
+--On 12 septembre 2012 15:25:16 +0200 Laurent Frigault
<lolo at troll.free.org> wrote:
| On Tue, Sep 11, 2012 at 09:29:53PM +0200, Mathieu Arnold wrote:
|> +--On 10 septembre 2012 16:41:11 +0200 Laurent Frigault
|> <lolo at troll.free.org> wrote:
|> | Instead of working on the DNS answer, I try a modified version based on
|> | the query on one of my DNS servers :
|>
|> I did that to begin with, the problem is that libpcap sees the packets
|> blocked by pf, so it never ends, on the other side, there is no answer if
|> the packet is blocked.
|
| Yes, but pf tables handle duplicate well , so this is not a problem for
| me.
It does, but I only sample like 200 queries every minute, so I ended up
with always the same IP being blocked and many slipping through.
--
Mathieu Arnold
More information about the dns-operations
mailing list