12
endor
5y

Either CloudFlare itself has decided to join the fun of attacking my DNS server, or somebody is just spoofing their IP in the UDP packets.
Crap, my ipset script is basically useless now, since the real source could be from anywhere :(

Any suggestions on what could I do to make this attack stop? It's not causing any real issues (at least for now), but it's still annoying as hell.
Get fucked, stupid skiddie who keeps manually changing the ip source in his script

Comments
  • 3
    did you contact cloudFlare?
  • 3
    @heyheni nah, I'm just a random guy with a tiny server, I doubt they'd care about me in any way, and I don't use any of their services.

    Most likely it's just somebody spoofing the source IP in the UDP packets - which can be done
  • 7
    Classical spoofing
  • 1
    Why not accept TCP only from clients except from your cidr? Pretty much anything with glibc can talk TCP DNS by default. Much harder to spoof a src IP then
  • 1
    @RichardoC because DNS uses UDP by default, and I'm not sure if any of my clients actually even supports DNS over TCP at all.

    Also, some of my clients have dynamic IPs from their ISPs that come from multiple cidr blocks. I guess I *could* try to look up all the ranges associated with each ISP, but honestly it would probably be a lot of work, and I don't wanna have any surprise outages just because I missed a block or something.
  • 2
    Try using a firewall
  • 0
    @h3kt1c0 lol, that screenshot *is* the output of my firewall - otherwise my server would have been fucked already
  • 0
    my suggestion: Start using CloudFlare :D
    free DDoS protection and caching
  • 0
    @bytecode it's not a website, it's my own dns server (which actually uses cloudflare as upstream service, incidentally)
  • 0
    @endor hm... true, my bad 😅
Add Comment