[Cialug] ddos-guard.net?
David Champion
dchamp1337 at gmail.com
Mon Apr 29 08:57:20 CDT 2013
Could be. The symptom I saw was the named service was taking a lot of CPU
time and mostly unresponsive on a server (#3 in a cluster of 4). The logs
had a bunch of these:
Apr 26 13:07:03 myhostname named[8212]: client 186.2.164.20#20591: no more
recursive clients: quota reached
That IP's PTR resolves to ddos-guard.net.
I blocked that IP in iptables and the problem appeared to go away.
I realize this was probably treating the symptom, but on a busy day
sometimes that's all you get.
-dc
On Sun, Apr 28, 2013 at 8:42 PM, Nicolai <nicolai-cialug at chocolatine.org>wrote:
> I ask because almost all DDoS attacks involving DNS servers are
> amplification attacks, in which case your server was not the actual
> victim.
>
>
> https://en.wikipedia.org/wiki/Denial-of-service_attack#Reflected_.2F_Spoofed_attack
>
> Nicolai
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
More information about the Cialug
mailing list