From owner-freebsd-questions@FreeBSD.ORG Thu Dec 18 06:25:25 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0815916A4CE for ; Thu, 18 Dec 2003 06:25:25 -0800 (PST) Received: from obsecurity.dyndns.org (adsl-63-207-60-234.dsl.lsan03.pacbell.net [63.207.60.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8CBC043D36 for ; Thu, 18 Dec 2003 06:25:23 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id CD65866C77; Thu, 18 Dec 2003 06:25:22 -0800 (PST) Date: Thu, 18 Dec 2003 06:25:22 -0800 From: Kris Kennaway To: Robert Eckardt Message-ID: <20031218142522.GC48442@xor.obsecurity.org> References: <20031216191701.M14568@Robert-Eckardt.de> <20031217042810.GA31507@xor.obsecurity.org> <20031218102846.M37848@Robert-Eckardt.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xo44VMWPx7vlQ2+2" Content-Disposition: inline In-Reply-To: <20031218102846.M37848@Robert-Eckardt.de> User-Agent: Mutt/1.4.1i cc: questions@FreeBSD.org cc: Kris Kennaway Subject: Re: DOS of named X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2003 14:25:25 -0000 --xo44VMWPx7vlQ2+2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 18, 2003 at 12:58:41PM +0100, Robert Eckardt wrote: > On Tue, 16 Dec 2003 20:28:10 -0800, Kris Kennaway wrote > > On Tue, Dec 16, 2003 at 10:01:33PM +0100, Robert Eckardt wrote: > > > Hi, > > >=20 > > > what measures can I take against this irregular appearing Denial-Of-S= ervice > > > attacks of named which is filling my logfiles (messages, daemon, all.= log) > > > with messages like "sysquery: no addrs found for root NS" for minutes= at > > > a rate of 4000 lines/sec? > > >=20 > > > I'm using named 8.3.3-REL on FBSD-5.0R. > >=20 > > Both are very old and have a number of known problems. Upgrade to=20 > > the latest versions. >=20 > Hi Kris, >=20 > You can't be serious. :-) I was; if you're complaining about bugs in old versions of the software, then the first thing to do is check whether those bugs have been fixed in later versions. Not all bug fixes are properly documented. > And as far as named is concerned: From looking at the discussion > on their mailing list this problem happens for a wide variety of > releases on different operating systems, but with no one having > the intention to fix it. (I even found the question I asked more > than 7 years ago on this list to the very same problem. At that > time the computers just weren't fast enough to write 4000 lines/sec.) > Thus, I cannot accept the simple call for the new release. OK, so you've done some further research about this (or just omitted this from the original message). The BIND mailing list may still be your best bet for discussion of this issue, despite previous lack of solution there. Kris --xo44VMWPx7vlQ2+2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/4bjSWry0BWjoQKURAg0hAKCeUVTXx+bDT8RubYxqXurAKcL2GACfUpcu WZeN9GFrv5nqG17JSiOPsEM= =hwls -----END PGP SIGNATURE----- --xo44VMWPx7vlQ2+2--