Just deflected a 3k client amplification attack on my public DNS infrastructure. Felt awesome πŸ˜‚

Β· Web Β· 2 Β· 0 Β· 2

@eleix That sounds pretty fucking big.
How does stopping that work anyway?

@Violet Just gotta look at the hex coming in with tcpdump and find a string that matches each one and then put that into a block rule on the mangle chain. Using mangle so that the moment in comes in it can be blocked and not take the system down.

@Violet Also I already have a limiter set in iptables so that for any address sending in queries they are rate limited up to 30 queries a minute and up to 4 ANY queries a minute so it wasn't like a constant stream but it was pretty close.

Sign in to participate in the conversation
Puppo Space

A general furry public instance. You don't have to be a furry to join. Any and all topics are fair game provided they do not conflict with the Code of Conduct.