[SAC] [Hosting] [RESOLVED] DDoS on OSL DNS Servers
Lance Albertson
lance at osuosl.org
Mon Oct 31 10:47:06 PDT 2022
This happened again this morning between 5:30-8:20AM PDT (1230-1520 UTC).
The attack is similar to what's described in this CVE [1] (NXNSAttack), but
I have confirmed that we have that patched on our servers. I have put in
some local changes on the servers to help ensure the service stays online
if it happens again. I'm working on getting this integrated into our
configuration management.
I also heard back from LinkOregon and they note that they do have some
mitigation measures in place, however it wasn't working with IPv6 at the
time. We noticed seeing a fairly equal amount of traffic for IPv4 and IPv6
during the event.
If anyone else has some recommended Bind configuration you use to mitigate
this, please let me know off list.
Thanks for your patience.
[1] https://kb.isc.org/docs/cve-2020-8616
On Fri, Oct 28, 2022 at 10:39 PM Lance Albertson <lance at osuosl.org> wrote:
> All,
>
> Between 5-8:15PM PDT (0000-0315 UTC), our DNS servers experienced a DDoS
> which affected DNS queries to our authoritative servers. Our caching
> servers were also somewhat affected, but less so it seems. The attack
> seemed to be sending millions of random queries to one of our hosted
> project's domains.
>
> I have a ticket open with LinkOregon to see if they have any additional
> information. Apologies for any issues this might have caused.
>
> We'll be looking at adding some additional rate limiting to hopefully
> mitigate this more in the future.
>
> If you have any other questions, please let me know via an email to
> support at osuosl.org
>
> Thank you!
>
> --
> Lance Albertson
> Director
> Oregon State University | Open Source Lab
>
--
Lance Albertson
Director
Oregon State University | Open Source Lab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20221031/1ddbda84/attachment.htm>
-------------- next part --------------
_______________________________________________
Hosting mailing list
Hosting at osuosl.org
https://lists.osuosl.org/mailman/listinfo/hosting
More information about the Sac
mailing list