Displaying 20 results from an estimated 100 matches similar to: "Custom iptables rules to drop DNS Amplification Attacks"
2006 May 03
6
Scaffold Generation Problem
Greetings all,
I''m sure there is probably a very obvious reason for the following
problem. However, after much hair pulling, I am just not seeing it yet.
As you can see from the trace below, I am not able to complete scaffold
generation due to some problem between rails and mysql. I double
checked MySQL to make sure both my Ruby user and Root user have full
rights to the database.
2014 Feb 25
1
DNS amplification attacks
How can I configure samba4 to be protected against DNS amplification
attacks? Is there a way to set the network I want it to be recursive,
like in bind9?
My samba4 is receiving attacks and googling I found this:
http://dnsamplificationattacks.blogspot.com.br/2014/02/domain-gerdar3ru.html
--
---------------------------------------
Bruno Vane
S.O. do Brasil Telecomunica??es
+55 24 99306-8618 |
2019 Oct 01
1
Re: [NBDKIT SECURITY] Denial of Service / Amplification Attack in nbdkit
On 9/20/19 8:58 AM, Eric Blake wrote:
> On 9/12/19 12:41 PM, Richard W.M. Jones wrote:
>> We have discovered a potential Denial of Service / Amplification Attack
>> in nbdkit.
>
> Unfortunately, our fix for this issue cause another potential Denial of
> Service attack:
>
>>
>> Lifecycle
>> ---------
>>
>> Reported: 2019-09-11 Fixed:
2016 Nov 09
1
[Bug 98657] New: Reproducible freeze when changing volume amplification in kodi
https://bugs.freedesktop.org/show_bug.cgi?id=98657
Bug ID: 98657
Summary: Reproducible freeze when changing volume amplification
in kodi
Product: xorg
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: NEW
Severity: normal
Priority: medium
2013 Jan 17
1
concepts against amplification using dnssec
Hello,
Lutz Donnerhacke implemented DNS-Dampening.
http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening
The implementation is available as patch for BIND9 only.
He told me that there is an other method preferred by the nsd developer.
It's called "Response Rate Limiting".
May one describe the idea behind rate limiting and compare it with Lutz' solution?
Thanks.
--
Andreas
2008 Jul 22
0
AST-2008-011: Traffic amplification in IAX2 firmware provisioning system
Asterisk Project Security Advisory - AST-2008-011
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Traffic amplification in IAX2 firmware |
| |
2019 Sep 20
0
Re: [NBDKIT SECURITY] Denial of Service / Amplification Attack in nbdkit
On 9/12/19 12:41 PM, Richard W.M. Jones wrote:
> We have discovered a potential Denial of Service / Amplification Attack
> in nbdkit.
Unfortunately, our fix for this issue cause another potential Denial of
Service attack:
>
> Lifecycle
> ---------
>
> Reported: 2019-09-11 Fixed: 2019-09-11 Published: 2019-09-12
>
> There is no CVE number assigned for this issue
2016 Dec 05
0
Huge write amplification with thin provisioned logical volumes
Hi,
I've noticed huge write amplification problem with thinly provisioned
logical volumes and I wondered if anyone can explain why it happens and if
and how can be fixed. The behavior is the same on Centos 6.8 and Centos
7.2.
I have a NVME card (Intel DC P3600 -2 TB) on which I create a thinly
provisioned logical volume:
pvcreate /dev/nvme0n1
vgcreate vgg /dev/nvme0n1
lvcreate
2013 Oct 10
15
Remapping port below 1024 on the firewall
I give up and need help! I won''t add to the confusion by showing all the
combinations I have tried unsuccessfully... and yes, I''ve read FAQ2 and
FAQ2a many times!
When googling the subject of this post there are many answers that boil
down to using the same three iptables rules, two of which use nat. I
won''t repeat them here.
I don''t want to risk mixing
2013 Sep 10
6
lsm configuration issues...
Hi,
I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected...
When all providers are up, everything seems fine.
When one goes down, lsm says "link <provider> down event"... and it seems
ok but we then experience some problems such as a few unreachable sites,
DNS problems...
If I remove the downed provider from all confs and restart, everything works again.
2013 Oct 03
7
TCCLASSES vs Providers
Hi, I want to configure QoS in my shorewall conf but I have a doubt.
Now I am using tcrules with prerouting and with the file providers, like
this.
2:P 192.168.0.11 0.0.0.0/0 tcp 25
So, with this way I route my smtp traffic with my provider number 2.
Well, now I want to configure QoS with tcclasses and tcdevices, but if I do
that I need to use the MARK in the tcclasses
So, how
2013 Oct 03
2
Packetfence
Hi
Has anybody tried to combine shorewall (instead of iptables) with
packetfence?
/Göran
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and
2019 Sep 12
2
[NBDKIT SECURITY] Denial of Service / Amplification Attack in nbdkit
We have discovered a potential Denial of Service / Amplification Attack
in nbdkit.
Lifecycle
---------
Reported: 2019-09-11 Fixed: 2019-09-11 Published: 2019-09-12
There is no CVE number assigned for this issue yet, but the bug is
being categorized and processed by Red Hat's security team which may
result in a CVE being published later.
Credit
------
Reported and patched by Richard W.M.
2013 Oct 27
4
shorewall stop
hi, while stopping shorewall 4.5.21.2 on a debian7 box with the
ADMINISABSENTMINDED set to no in shorewall.conf, the connections on
vlan tagged interfaces that were active before the shorewall stop
command was executed are not terminated as it is for the firewall and
other interfaces!
when the firewall is stopped as expected new connections on vlan
tagged interface are refused but even
2013 Oct 10
3
Detect dhclient leases file in centos
Hello,
I''m using shorewall-4.5.16 with centos5. The dhclient stores the lease information on
the /var/lib/dhclient/dhclient-<DEVICE>.leases file.
The /var/lib/shorewall/firewall script has the function detect_dynamic_gateway that
detects the gateway based on the leases file. The code in the function is:
detect_dynamic_gateway() { # $1 = interface
local interface
2013 Sep 30
4
strange problem
Hi,
In log I get:
-----------------------------------------------------------
Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
----------------------------------------------------------
Even in /etc/shorewall/rules I have
2013 Oct 07
4
AutoBL issues on CentOS 6
Hi Tom and all,
I started to play a bit with the AutoBL action on a CentOS 6 box and ran
into the following problems:
1) The action.AutoBL doesn''t work for me until I patch it like so:
--- /usr/share/shorewall/action.AutoBL.orig 2013-10-01
00:59:42.000000000 +0200
+++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 +0200
@@ -22,6 +22,9 @@
DEFAULTS
2013 Oct 08
5
Shorewall dropping packets that should be forwarded
I had to restart one of my routers tonight and since then shorewall on
it has been dropping SIP packets coming in from one machine instead of
forwarding them to the freebpx server.
Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network
external ip> DST=<server network external ip> LEN=575 TOS=0x00
PREC=0x20 TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060
2009 Dec 07
2
Are there free R webinar recordings somewhere ?
Hi all,
A friend just sent me this:
http://www.mathworks.com/company/events/webinars/index.html?id=&language=en
<http://www.mathworks.com/company/events/webinars/index.html?id=&language=en>And
asked me if there is something of the like in the R community.
Does anyone know of such a think ?
Cheers,
Tal
----------------Contact
2013 Nov 05
8
Forwarding external traffic to another external server?
I''m trying to use my VPS server (single interface of course) as
somewhat of a VPN gateway to my other location (which is not
accessible directly from some places) where the openvpn server is
running, and am kind of lost as to what to try next.
I tried a redirect rule, but apparently shorewall didn''t like that (it
just failed to start).
I tried adding the rules via