    DNS Amp Attack Solution

    Currently, we have a business line from Comcast that comes into our neighborhood, and a local guy runs things and splits it out to us in the neighborhood for a monthly fee. Works out pretty well. We get fairly cheap internet, he makes some money. He also hosts some domains on his servers and two DNS servers.

    For the last few days, we have been getting hit hard with fake DNS queries. It's similar to a DDoS attack. To be honest, I really don't know much about DNS and I'm still learning. I'm good with computers in general (have my A+, going for Net+ at the end of the semester).

    According to the guy who runs it in the neighborhood, he has two DNS servers on Server 2008, using the built-in Windows tool for DNS. From what I understand, Windows DNS can't handle internal DNS queries differently from external (internet) queries.

    (I know this probably isn't worded too well)

    My question is, what can we do about the DNS attacks without setting up entirely new servers? (which would take weeks)

    Appreciate any help I can be given.

  2. #2
    It is very difficult to answer your question without knowing the nature of the attack. If those DNS servers are not set up to restrict recursion to a specific set of IP addresses, there is no helping you. The latest attack description from US-CERT can be found here:

    J.A. Coutts
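
A check for the condition raised in the reply above, added here as an example that is not part of the original thread: it sends one query to a DNS server you administer, from an address outside the range that should be allowed to recurse, and reads the reply's header flags to tell whether recursion is offered. The function names, verdict labels and sample headers are assumptions made for this example, and the queried name must be one the server is not authoritative for.

```python
import socket
import struct

RD = 0x0100  # "recursion desired" flag, set by the client
RA = 0x0080  # "recursion available" flag, set by the server

def build_query(name, qtype=1, txid=0x1234):
    """Encode a one-question DNS query (default type A, class IN) with RD set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(data):
    """Return (verdict, detail) based on the 12-byte DNS header of a reply."""
    if len(data) < 12:
        return "malformed", "shorter than a DNS header"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        return "malformed", "QR bit clear, not a response"
    rcode = flags & 0x000F
    if rcode == 5:
        return "restricted", "REFUSED"
    if flags & RA and rcode == 0 and ancount > 0:
        return "open", f"RA set, {ancount} answer(s) returned"
    if flags & RA:
        return "recursion-offered", f"RA set, rcode={rcode}"
    return "restricted", f"RA clear, rcode={rcode}"

def probe(server, name, timeout=3.0):
    """Send one UDP query to your own server and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply", "query dropped or server unreachable"
    return classify_response(data)

# Constructed sample reply headers (not captured traffic):
OPEN_SAMPLE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)       # QR+RD+RA, 1 answer
REFUSED_SAMPLE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)    # QR+RD, rcode 5
AUTH_ONLY_SAMPLE = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 0, 0, 0)  # QR+AA+RD, RA clear
```

A verdict of "open" from an outside address means the server resolves names for anyone, which is the situation the reply describes; "restricted" or "no-reply" is the expected result once recursion is limited to the intended clients.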
