[Name server] DNS amplification attacks

변군 변군이글루 2013. 6. 18. 00:29

http://www.ripe.net
- RIPE NCC (Réseaux IP Européens): Europe, eastern Central Asia
- Internet technical support organization; provides information on services such as IP, RIR and ISP

DNS amplification attacks

# tail -f /var/named/log/queries.log
29-May-2013 17:12:54.394 queries: info: client 64.62.138.98#36046: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:54.394 queries: info: client 64.62.138.98#15214: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:54.394 queries: info: client 64.62.138.98#14818: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:56.574 queries: info: client 75.126.17.44#53127: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:56.574 queries: info: client 75.126.17.44#27569: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:56.574 queries: info: client 75.126.17.44#63351: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:56.574 queries: info: client 75.126.17.44#32577: query: ripe.net IN ANY +E (192.168.0.2)

vi /etc/sysconfig/iptables
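### isc.org ANY: QNAME 03 "isc" 03 "org" 00, then QTYPE 00 FF (ANY) and QCLASS 00 01 (IN)
-A INPUT -p udp -m string --hex-string "|03 69 73 63 03 6F 72 67 00 00 FF 00 01|" --algo kmp --to 53 -j DROP
### ripe.net ANY: 01 is the low byte of ARCOUNT (one additional record, as in the EDNS "+E" queries in the log),
### followed by QNAME 04 "ripe" 03 "net" 00; no QTYPE bytes follow, so the match is not limited to ANY
-A INPUT -p udp -m string --hex-string "|01 04 72 69 70 65 03 6e 65 74 00|" --algo kmp --to 53 -j DROP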

service iptables restart
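
Added example (not part of the original post): a Python sketch that tallies ANY queries in a BIND query log of the format shown above and builds the --hex-string pattern (QNAME, QTYPE ANY, QCLASS IN) for each flooded name. The sample log lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the BIND query-log format shown above (documentation IPs).
SAMPLE_LOG = """\
29-May-2013 17:12:54.394 queries: info: client 198.51.100.10#36046: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:54.394 queries: info: client 198.51.100.10#15214: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:54.395 queries: info: client 198.51.100.10#14818: query: RIPE.NET IN ANY +E (192.168.0.2)
29-May-2013 17:12:56.574 queries: info: client 203.0.113.44#53127: query: ripe.net IN ANY +E (192.168.0.2)
29-May-2013 17:12:57.101 queries: info: client 203.0.113.7#40000: query: www.example.com IN A + (192.168.0.2)
29-May-2013 17:12:57.300 queries: info: client 203.0.113.7#40001: query: example.com IN ANY + (192.168.0.2)
"""

QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) ")

def any_counts(log_text):
    """Count ANY queries per (qname, client IP); names are case-folded."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and m["qtype"] == "ANY":
            counts[(m["qname"].lower().rstrip("."), m["ip"])] += 1
    return counts

def flooded_names(log_text, threshold=3):
    """Names whose total ANY-query count over all clients reaches threshold."""
    totals = Counter()
    for (qname, _ip), n in any_counts(log_text).items():
        totals[qname] += n
    return sorted(q for q, n in totals.items() if n >= threshold)

def any_question_hex(qname):
    """QNAME in wire format + QTYPE ANY (00 FF) + QCLASS IN (00 01)."""
    out = bytearray()
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:  # DNS labels are 1 to 63 bytes long
            raise ValueError(f"bad label in {qname!r}")
        out.append(len(raw))
        out += raw
    out += b"\x00\x00\xff\x00\x01"
    return "|" + " ".join(f"{b:02X}" for b in out) + "|"

if __name__ == "__main__":
    for name in flooded_names(SAMPLE_LOG):
        print(f'### {name} ANY\n--hex-string "{any_question_hex(name)}"')
```

For isc.org the generated pattern is identical to the one in the rule above. The string match is byte-exact, so a query that spells the name in a different case is not covered by such a pattern.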

Reference URL: http://securityaffairs.co/wordpress/wp-content/uploads/2012/03/dns-amplification-attack-big.jpg
