Protecting your DNS Infrastructure with PHREL

Support issues for PHREL, the Per Host RatE Limiter.

Post by sella » Sun Oct 29, 2006 9:46 pm

A new article on PHREL has been posted. The article can be viewed on the PHREL website via the Protecting your DNS Infrastructure link.

Re: Protecting your DNS Infrastructure with PHREL

Post by sella » Mon Aug 09, 2010 10:09 pm

For those of you dealing with your nameserver being used for a DDoS attack against a remote host, which can quickly fill your logs with messages such as "named[xxxx]: client 109.72.146.154#46250: error sending response: host unreachable", you can use PHREL, as described in the above article, to block the abuse and stop the log messages. For smaller traffic nameservers, you can set a threshold of 15pps with a rate of 0 to dynamically block the majority of these attacks. Larger traffic nameservers may need to use a slightly higher threshold.

Here's an example command line for phreld to block this:

phreld -p 53 -T 15:0
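
To see from the logs which client addresses are behind the named messages quoted in the post above, and whether a given threshold would flag them, this added example (not part of the original post and not PHREL code) tallies those messages per client. The syslog prefix, the sample lines and the function names are assumptions, and error lines per second are only a rough proxy for packets per second.

```python
import re
from collections import Counter, defaultdict

# Matches the BIND message quoted in the post. The "Mon DD HH:MM:SS host"
# syslog prefix is an assumption; the optional "@0x..." token and "(name)"
# suffix cover the layout used by newer BIND releases.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+named\[\d+\]:\s+"
    r"client\s+(?:@\S+\s+)?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?:\s+\([^)]*\))?:\s+"
    r"error sending response: host unreachable\s*$"
)


def summarize(lines):
    """Return {client_ip: (total_errors, peak_errors_in_one_second)}."""
    totals = Counter()
    per_second = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated named or syslog output
        ip = m.group("ip")
        totals[ip] += 1
        per_second[ip][m.group("ts")] += 1
    return {ip: (totals[ip], max(per_second[ip].values())) for ip in totals}


def over_threshold(summary, pps=15):
    """Clients whose busiest second logged more than `pps` error lines."""
    return sorted(ip for ip, (_, peak) in summary.items() if peak > pps)


# Constructed sample log (documentation address ranges, not real traffic).
_MSG = "error sending response: host unreachable"
SAMPLE = (
    ["Aug  9 22:09:01 ns1 named[2112]: client 192.0.2.10#%d: %s" % (40000 + i, _MSG)
     for i in range(20)]
    + ["Aug  9 22:09:0%d ns1 named[2112]: client 198.51.100.7#5300: %s" % (s, _MSG)
       for s in (3, 4, 5)]
    + ["Aug  9 22:09:02 ns1 named[2112]: client 203.0.113.5#5353: "
       "query (cache) 'example.com/A/IN' denied"]
)

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for ip, (total, peak) in sorted(report.items()):
        print(f"{ip}: {total} errors, peak {peak}/s")
    print("above 15/s:", over_threshold(report, pps=15))
```

Running it against the same log window before and after starting phreld shows whether the message volume for the flagged clients has actually dropped.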

