通过以下 Referral 链接购买 DigitalOcean 主机,你将可以帮助 V2EX 持续发展
› DigitalOcean - SSD Cloud Servers
这是一个创建于 3957 天前的主题,其中的信息可能已经有所发展或是发生改变。
是不是要去修改DNS 设置?
-----------
Please review the following abuse complaint and provide us with a resolution:
******************************
You appear to be running an open recursive resolver at IP address 162.243.150.*** that participated in an attack against a customer of ours today, generating large UDP responses to spoofed queries, with those responses becoming fragmented because of their size.
Please consider reconfiguring your resolver in one or more of these ways:
- To only serve your customers and not respond to outside IP addresses (in BIND, this is done by defining a limited set of hosts in "allow-query"; with a Windows DNS server, you would need to use firewall rules to block external access to UDP port 53)
- To only serve domains that it is authoritative for (in BIND, this is done by defining a limited set of hosts in "allow-query" for the server overall but setting "allow-query" to "any" for each zone)
- To rate-limit responses to individual source IP addresses (DNS Response Rate Limiting, or DNS RRL)
More information on this type of attack and what each party can do to mitigate it can be found here: http://www.us-cert.gov/ncas/alerts/TA13-088A
If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.
Example DNS responses from your resolver during this attack are given below. Times are PST (UTC-8), and the date is 2014-01-20.
11:03:13.954317 IP (tos 0x0, ttl 55, id 46383, offset 0, flags [+], proto UDP (17), length 1500) 162.243.150.118.53 > 208.146.35.15.55281: 50856 242/6/1 dong.zong.co.ua. A[|domain]
0x0000: 4500 05dc b52f 2000 3711 7bd6 a2f3 9676 E..../..7.{....v
0x0010: d092 230f 0035 d7f1 0fce 1023 c6a8 8180 ..#..5.....#....
0x0020: 0001 00f2 0006 0001 0464 6f6e 6704 7a6f .........dong.zo
0x0030: 6e67 0263 6f02 7561 0000 ff00 01c0 0c00 ng.co.ua........
0x0040: 0100 0100 001f 9700 046f 3681 .........o6.
11:03:14.169240 IP (tos 0x0, ttl 55, id 46384, offset 0, flags [+], proto UDP (17), length 1500) 162.243.150.118.53 > 208.146.35.15.54953: 4495 242/6/1 dong.zong.co.ua. A[|domain]
0x0000: 4500 05dc b530 2000 3711 7bd5 a2f3 9676 E....0..7.{....v
0x0010: d092 230f 0035 d6a9 0fce be85 118f 8180 ..#..5..........
0x0020: 0001 00f2 0006 0001 0464 6f6e 6704 7a6f .........dong.zo
0x0030: 6e67 0263 6f02 7561 0000 ff00 01c0 0c00 ng.co.ua........
0x0040: 0100 0100 001f 9600 046e bbb1 .........n..
11:03:14.257575 IP (tos 0x0, ttl 55, id 46385, offset 0, flags [+], proto UDP (17), length 1500) 162.243.150.118.53 > 208.146.35.15.59438: 4102 242/6/1 dong.zong.co.ua. A[|domain]
0x0000: 4500 05dc b531 2000 3711 7bd4 a2f3 9676 E....1..7.{....v
0x0010: d092 230f 0035 e82e 0fce ae89 1006 8180 ..#..5..........
0x0020: 0001 00f2 0006 0001 0464 6f6e 6704 7a6f .........dong.zo
0x0030: 6e67 0263 6f02 7561 0000 ff00 01c0 0c00 ng.co.ua........
0x0040: 0100 0100 001f 9600 046a 2529 .........j%)
-John
President
Nuclearfallout, Enterprises, Inc. (NFOservers.com)
(We're sending out so many of these notices, and seeing so many auto-responses, that we can't go through this email inbox effectively. If you have follow-up questions, please contact us at [email protected].)
******************************
Please note that generating multiple abuse complaints in a short period of time may lead to your account being suspended.
-----------
Please review the following abuse complaint and provide us with a resolution:
******************************
You appear to be running an open recursive resolver at IP address 162.243.150.*** that participated in an attack against a customer of ours today, generating large UDP responses to spoofed queries, with those responses becoming fragmented because of their size.
Please consider reconfiguring your resolver in one or more of these ways:
- To only serve your customers and not respond to outside IP addresses (in BIND, this is done by defining a limited set of hosts in "allow-query"; with a Windows DNS server, you would need to use firewall rules to block external access to UDP port 53)
- To only serve domains that it is authoritative for (in BIND, this is done by defining a limited set of hosts in "allow-query" for the server overall but setting "allow-query" to "any" for each zone)
- To rate-limit responses to individual source IP addresses (DNS Response Rate Limiting, or DNS RRL)
More information on this type of attack and what each party can do to mitigate it can be found here: http://www.us-cert.gov/ncas/alerts/TA13-088A
If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack.
Example DNS responses from your resolver during this attack are given below. Times are PST (UTC-8), and the date is 2014-01-20.
11:03:13.954317 IP (tos 0x0, ttl 55, id 46383, offset 0, flags [+], proto UDP (17), length 1500) 162.243.150.118.53 > 208.146.35.15.55281: 50856 242/6/1 dong.zong.co.ua. A[|domain]
0x0000: 4500 05dc b52f 2000 3711 7bd6 a2f3 9676 E..../..7.{....v
0x0010: d092 230f 0035 d7f1 0fce 1023 c6a8 8180 ..#..5.....#....
0x0020: 0001 00f2 0006 0001 0464 6f6e 6704 7a6f .........dong.zo
0x0030: 6e67 0263 6f02 7561 0000 ff00 01c0 0c00 ng.co.ua........
0x0040: 0100 0100 001f 9700 046f 3681 .........o6.
11:03:14.169240 IP (tos 0x0, ttl 55, id 46384, offset 0, flags [+], proto UDP (17), length 1500) 162.243.150.118.53 > 208.146.35.15.54953: 4495 242/6/1 dong.zong.co.ua. A[|domain]
0x0000: 4500 05dc b530 2000 3711 7bd5 a2f3 9676 E....0..7.{....v
0x0010: d092 230f 0035 d6a9 0fce be85 118f 8180 ..#..5..........
0x0020: 0001 00f2 0006 0001 0464 6f6e 6704 7a6f .........dong.zo
0x0030: 6e67 0263 6f02 7561 0000 ff00 01c0 0c00 ng.co.ua........
0x0040: 0100 0100 001f 9600 046e bbb1 .........n..
11:03:14.257575 IP (tos 0x0, ttl 55, id 46385, offset 0, flags [+], proto UDP (17), length 1500) 162.243.150.118.53 > 208.146.35.15.59438: 4102 242/6/1 dong.zong.co.ua. A[|domain]
0x0000: 4500 05dc b531 2000 3711 7bd4 a2f3 9676 E....1..7.{....v
0x0010: d092 230f 0035 e82e 0fce ae89 1006 8180 ..#..5..........
0x0020: 0001 00f2 0006 0001 0464 6f6e 6704 7a6f .........dong.zo
0x0030: 6e67 0263 6f02 7561 0000 ff00 01c0 0c00 ng.co.ua........
0x0040: 0100 0100 001f 9600 046a 2529 .........j%)
-John
President
Nuclearfallout, Enterprises, Inc. (NFOservers.com)
(We're sending out so many of these notices, and seeing so many auto-responses, that we can't go through this email inbox effectively. If you have follow-up questions, please contact us at [email protected].)
******************************
Please note that generating multiple abuse complaints in a short period of time may lead to your account being suspended.
 |
1
Livid MOD  1
如果你机器上就没打算跑公开 DNS 的话,把自己的 53 端口封掉。
|
Select Language