[nsp-sec] 118K Resolvers used in 10Gbps attack
Gabriel Iovino
giovino at ren-isac.net
Fri Oct 11 11:00:05 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/11/2013 10:17 AM, Joel L. Rosenblatt wrote:
> Hi,
>
> We had 4 of those on Krista's list but not on the open resolver list
> ... it appears that you can configure a windows box so that it is not
> an open resolver, but if the request is in it's cache, it will answer
> anyway.
>
> We are looking for the setting to fix this now ... if someone out
> there knows that answer, I would appreciate a pointer
[DO NOT do this without understanding the implications to your
environment. I am not a Windows DNS administrator, I sometimes play one
on mailing lists]
Does deleting the cache.dns file fix this?
References:
Protecting Windows DNS Server from being abused for DNS amplification
attacks
http://social.technet.microsoft.com/Forums/windowsserver/en-US/fac86dc7-779d-48eb-a113-9c06c2222af9/protecting-windows-dns-server-from-being-abused-for-dns-amplification-attacks
Updating root hints
http://technet.microsoft.com/en-us/library/cc758353%28v=ws.10%29.aspx
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iEYEARECAAYFAlJYEnQACgkQwqygxIz+pTslSQCfZ099+OzqrXF1H05V/suBPvg8
pIAAn28kvv4IT9WoMF+1jAwMf8m1EeDK
=8LLL
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list