Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I encountered a DNS Amplification attack recently and was confused how the VM I was using could be involved given it wasn't running BIND.

It turned out that a VPN was implemented using `dnsmasq` which was responding to the DNS queries.

I ended up using firewall rules to drop the queries because it seems like in certain situations it's not enough to just configure `dnsmasq` to not respond to the requests: http://people.canonical.com/~ubuntu-security/cve/2012/CVE-20...

Just incase the information is useful to anyone else. :)

(I Am Not A Network Engineer.)



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: