On Wed, 2009-07-29 at 18:37 +0200, RedShift wrote:
Fredrik Eriksson wrote:
Hi, I've seen that there's a dynamic update ddos attack that is widely available on the net and after looking for the solution it seems that bind's latest patch (9.6.1-P1) solves this problem.
So my question is more like this, is extra/bind 9.6.1-1 in the repository the same as bind 9.6.1-P1? The build date of the current package in extra/ says the 18 July but the homepage of BIND says the latest patch was published the 28 July.
Best regards Fredrik Eriksson
According to a commenter on the slashdot news article about this issue, this should provide a temporary countermeasure:
iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
haven't tested it myself though...
The current version 9.6.1.P1-1 in extra corrects the issue. k
Glenn -- K. Piche <kpiche@rogers.com>