Re: Securing bind..



hi ya petra

lots of different kind of floods...and DoS attacks...
what kind of attack are you under ???
	-- what shows up in tcpdump when monitoring all traffic 
	on the wire ???

if you're an "amplifier" .. you have to turn off icmp broadcasts 
at your incoming cisco router/fw

to test if you are a smurf amplifier.. see the links at
	http://www.Linux-Sec.net/harden/smurf.fix.txt

to test your DNS config....
	http://www.Linux-Sec.net/Audit/audit_tools.gwif.html#DNS

to harden your dns servers... and spoof protecting etc ..
	http://www.Linux-Sec.net/Harden/server.gwif.html#DNS

and a lot of other stuff to harden too in addition to dns
	http://www.Linux-Sec.net/Harden/

have fun
alvin

On Sun, 30 Dec 2001, Petre Daniel wrote:

> Hello Nate, it seems I can't get the link of the advisory. It's about some sort 
> of amplifying flood, when an outsider makes spoofed queries to the bind daemon 
> and another one, the victim is flooded along with me the attacked..
> Thx..


