A few threads elsewhere suggest adding "query source" option in named i.e query-source address * port 53; which would allow simplier firewall configuration? Regards, On 12 March 2012 18:00, Chuck Swiger
Introduction to Linux - A Hands on Guide This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started Follow this article on DNS server hardening. C. I had a jail: JID IP Address Hostname Path 36 10.55.0.117 ansible-test /usr/jails/ansible-test The jail was largely unused.
Page 1 of 2 1 2 Next > NoAgendas Guest No sites are loading and ALL OF A SUDDEN server stats in whm shows a few services instead of all the S 06:28 0:00 cppop - serving 220.127.116.11 - AUTHORIZATION root 606 0.0 0.1 13676 5732 ? C program run. Is there a way to completely drop these requests to begin with?
Results 1 to 9 of 9 Thread: NAMED attack - spoofed IP's Tweet Thread Tools Show Printable Version Subscribe to this Thread… Search Thread Advanced Search Display Linear Mode Switch Useful Searches Recent Posts Resources Resources Quick Links Search Resources Most Active Authors Latest Reviews Feature Requests Defects Menu Log in Sign up The Community Forums Interact with an entire community After you install the package, set it up to block hosts that send more than 15 pps to port 53, like so: phreld -p 53 -T 15:0 share|improve this answer edited Are you new to LinuxQuestions.org?
Any help? Newer Than: Search this thread only Search this forum only Display results as threads More... rebooted the whole server Running out of ideas? Believe it or not, I just remembered that about 20 minutes ago.
What recommend APF config would you suggest? Attempting to find the source, I started a tcpdump on the host: $ sudo tcpdump -ni em0 host 10.55.0.117 Password: tcpdump: verbose output suppressed, use -v or -vv for full protocol Search this Thread 03-04-2014, 02:55 PM #1 rootaccess Member Registered: Mar 2012 Posts: 211 Rep: Help with named - error sending response: host unreachable I am getting flooded by User #58479 4021 posts macmanluke Whirlpool Forums Addict reference: whrl.pl/RdKbFm posted 2013-Oct-16, 11:06 am ref: whrl.pl/RdKbFm posted 2013-Oct-16, 11:06 am O.P.
I do not know why. #1 NoAgendas, Aug 17, 2006 Last edited by a moderator: Aug 17, 2006 NoAgendas Guest Cpanel loads EXTREMELY SLOW (while the most minimal cpu/memory usage http://forum.directadmin.com/showthread.php?t=15730 Jeff
SNs 01:00 0:00 /usr/bin/perl /scripts/cpbackup root 17635 0.0 0.0 1484 444 ? S 06:27 0:00 cppop - serving 18.104.22.168 - AUTHORIZATION root 507 0.0 0.1 13676 5732 ? Please read our faq in particular May I promote products or websites I am affiliated with here?. –Hangin on in quiet desperation Dec 14 '12 at 8:34 add a comment| Your How can I stop this?
current community blog chat Server Fault Meta Server Fault your communities Sign up or log in to customize your list. I think you missed my last question as you responded at the same time. Similar Threads - error sending response Warning: Error while sending QUERY packet.
Strange that it is not there by defaultClick to expand... All rights reserved. Recursion is set to off, I had massive requests and I realized recursion was not set to no in my external views so that cleared up that problem. In response to the first reply: The issue with this really is that tcpdump doesn't show any problems.
I want these people to stop whatever it is they are doing to trigger this event that is then logged.. error sending response: host unreachable Discussion in 'General Discussion' started by NoAgendas, Aug 17, 2006. Hope this helps! I tailed /var/log/messages and it was strolling these lines for example: Aug 17 00:21:11 server named: zone client1.co.uk/IN: loaded serial 2006040801 Aug 17 00:21:11 server named: zone client2-net.co.uk/IN: loaded serial 2006040807
http://www.darkreading.com/attacks-b...in-r/240151862 smallpond View Public Profile View LQ Blog View Review Entries View HCL Entries View LQ Wiki Contributions Find More Posts by smallpond 03-04-2014, 03:21 PM #3 rootaccess Member Thanks for pointing out my typo; I've fixed it. The clients are all the same, about 10-12 clients trying to use my dns to attack others. You may have to register before you can post: click the register link above to proceed.
Reply With Quote 0 10-15-2013,11:55 AM #6 LP560 View Profile View Forum Posts View Forum Threads Visit Homepage Web Hosting Master Join Date Apr 2005 Location Tinterweb Posts 555 Thanks #7 NoAgendas, Aug 17, 2006 NoAgendas Guest Chirpy where are you my friend? :D #8 NoAgendas, Aug 18, 2006 chirpy Well-Known Member Joined: Jun 15, 2002 Messages: 13,475 Blocked out a heap of those ips for now. Powered by vBulletin Version 4.2.3 Copyright © 2016 vBulletin Solutions, Inc.