在搬瓦工的廉价 VPS 上搭了个 pdnsd 来对付 DNS 污染,结果被检测为不安全而咔嚓了,有解决方案吗?
cdfmr · 2014-03-02 12:32:55 +08:00 · 12886 次点击这是一个创建于 3701 天前的主题,其中的信息可能已经有所发展或是发生改变。
以下是收到的邮件通知,说容易遭受DoS攻击,但没说该怎么处理。
KiwiVM has detected an insecure recursive DNS resolver on IP x.x.x.x, which may result in your server getting involved in DNS Amplification DoS attacks.
To prevent this from happening, KiwiVM has blocked port 53 in your server by adding the following iptables rule:
iptables -I INPUT -p udp --destination-port 53 -j DROP
You can fix this vulnerability by securing your DNS daemon (or by removing it from your server).
Once this vulnerability is fixed, you may remove this iptables rule.
Yours truly,
KiwiVM vulnerability scanner
KiwiVM has detected an insecure recursive DNS resolver on IP x.x.x.x, which may result in your server getting involved in DNS Amplification DoS attacks.
To prevent this from happening, KiwiVM has blocked port 53 in your server by adding the following iptables rule:
iptables -I INPUT -p udp --destination-port 53 -j DROP
You can fix this vulnerability by securing your DNS daemon (or by removing it from your server).
Once this vulnerability is fixed, you may remove this iptables rule.
Yours truly,
KiwiVM vulnerability scanner
7 条回复 • 1970-01-01 08:00:00 +08:00
 |
1
lsylsy2 2014-03-02 12:56:00 +08:00  1
你开的是公开DNS?那确实不行,会被用来做放大攻击……
|
 |
2
isayme 2014-03-02 13:09:25 +08:00 1
不要脸自荐 https://github.com/isayme/DNSFilter (UDP污染包过滤掉,也可指定部分域名走TCP查询)
|
 |
5
oott123 2014-03-02 14:21:58 +08:00 via Android 1
弄个 iptables ,让它只允许你的 ip 段访问呗…
话说你搭在国外怎么对付 dns 污染? |
Select Language