Comments
-
endor56665y@heyheni nah, I'm just a random guy with a tiny server, I doubt they'd care about me in any way, and I don't use any of their services.
Most likely it's just somebody spoofing the source IP in the UDP packets - which can be done
-
Why not accept TCP only from clients except from your cidr? Pretty much anything with glibc can talk TCP DNS by default. Much harder to spoof a src IP then
-
endor56665y@RichardoC because DNS uses UDP by default, and I'm not sure if any of my clients actually even supports DNS over TCP at all.
Also, some of my clients have dynamic IPs from their ISPs that come from multiple cidr blocks. I guess I *could* try to look up all the ranges associated with each ISP, but honestly it would probably be a lot of work, and I don't wanna have any surprise outages just because I missed a block or something.
-
endor56665y@h3kt1c0 lol, that screenshot *is* the output of my firewall - otherwise my server would have been fucked already
-
endor56665y@bytecode it's not a website, it's my own dns server (which actually uses cloudflare as upstream service, incidentally)
Either CloudFlare itself has decided to join the fun of attacking my DNS server, or somebody is just spoofing their IP in the UDP packets.
Crap, my ipset script is basically useless now, since the real source could be from anywhere :(
Any suggestions on what I could do to make this attack stop? It's not causing any real issues (at least for now), but it's still annoying as hell.
Get fucked, stupid skiddie who keeps manually changing the ip source in his script
rant
dns
ddos
cloudflare