DNS Server Spoofed Request Amplification DDoS - Prevention

Posted by Shackrock on Server Fault
Published on 2011-11-10T14:23:04Z

I've been conducting security scans, and a new one popped up for me:

DNS Server Spoofed Request Amplification DDoS 

The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server.

General Solution: Restrict access to your DNS server from public network or reconfigure it to reject such queries.

I'm hosting my own DNS for my website. I'm not sure what the solution is here... I'm really looking for some concrete detailed steps to patch this, but haven't found any yet. Any ideas?

CentOS5 with WHM and CPanel.

Also see: http://securitytnt.com/dns-amplification-attack/

© Server Fault or respective owner
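
The scan finding quoted above can be re-checked by the server's operator after any configuration change. The sketch below is an added example, not part of the original post: it sends the same root-zone NS query and reports whether records come back and how much larger the reply is than the request. The function names and the two sample replies are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED"}

def build_root_ns_query(txid=0x1234):
    """Query for the NS records of the root zone ('.'), as named in the finding."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + b"\x00" + struct.pack("!HH", 2, 1)         # '.', NS, IN

def assess_response(query, response):
    """Classify a reply to the root NS query and compute reply/request size."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode, records = flags & 0x000F, an + ns + ar
    ratio = round(len(response) / len(query), 2)
    return {
        "rcode": RCODES.get(rcode, str(rcode)),
        "recursion_available": bool(flags & 0x0080),
        "records": records,
        "ratio": ratio,
        # Finding applies when records for '.' come back and enlarge the reply.
        "exposed": rcode == 0 and records > 0 and ratio > 1,
    }

def check_server(ip, port=53, timeout=3.0):
    """Send the query to a server you operate; None means no reply arrived."""
    query = build_root_ns_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (ip, port))
        try:
            response, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return assess_response(query, response)

# Constructed sample replies (not captured traffic): two NS records vs. REFUSED.
_Q = build_root_ns_query()
_NS = b"\x00" + struct.pack("!HHIH", 2, 1, 3600, 20) + b"\x01a\x0croot-servers\x03net\x00"
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0) + _Q[12:] + _NS * 2
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _Q[12:]

if __name__ == "__main__":
    for name, reply in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED)):
        print(name, assess_response(_Q, reply))
```

Run `check_server` against your own name server's public address from a host outside your network, since that is the vantage point the scanner used. A result with `exposed` false (REFUSED, an empty answer, or no reply) matches the "reject such queries" outcome in the scan's general solution.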