[dnsdist] non ascii characters in dns requests
ccppprogrammer
ccppprogrammer at gmail.com
Tue Feb 21 10:10:19 UTC 2017
Dear All!
I have weird DNS attacks where attackers request DNS names with non-ASCII
characters (\032 at the end of the domain name). Because of that, dnsdist can't
filter such DNS requests. I tried to filter with and without the non-ASCII
characters, but without success.
Any suggestions on what to do in such a situation?
Thanks in advance!
13:01:38.217462 IP 108.32.239.244.50742 > x.x.x.x.53: 62447+ A? xhtlaakmz.jiang.com . (38)
13:01:38.288748 IP 41.141.90.47.43849 > x.x.x.x.53: 11866+ A? nopqefguiwxym.jiang.com . (42)
13:01:38.309814 IP 47.169.20.171.29181 > x.x.x.x.53: 43540+ A? gpg.jiang.com . (32)
> topQueries(20,2)
1 jiang.com\032. 9415 94.2%
> showRules()
# Matches Rule Action
117 0 qname==jiang.com\032. drop
118 0 qname==jiang.com. drop
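The \032 in the topQueries output above is the RFC 1035 decimal escape for byte 32, a space, which tcpdump prints literally before the final dot. As an added example (not part of the original post and not dnsdist code), this Python code decodes a constructed wire-format QNAME and renders it with \DDD escapes; the function names and the sample bytes are assumptions made for illustration.

```python
# Added example: the sample name is constructed to mirror the tcpdump line
# "xhtlaakmz.jiang.com ." from the post; it is not captured traffic.

def encode_qname(labels):
    """Build an uncompressed wire-format QNAME from raw label bytes."""
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def decode_qname(wire, offset=0):
    """Split an uncompressed wire-format QNAME into its raw labels."""
    labels = []
    while True:
        if offset >= len(wire):
            raise ValueError("truncated name")
        length = wire[offset]
        offset += 1
        if length == 0:                      # root label ends the name
            return labels
        if length > 63:
            raise ValueError("compression pointer or invalid label length")
        label = wire[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label)
        offset += length

def escape_label(label):
    """Render one label in presentation format with \\DDD decimal escapes."""
    out = []
    for b in label:
        if b in (0x2E, 0x5C):                # literal '.' or '\' inside a label
            out.append("\\" + chr(b))
        elif 0x21 <= b <= 0x7E:              # visible ASCII is printed as-is
            out.append(chr(b))
        else:                                # space, controls, high bytes
            out.append("\\%03d" % b)
    return "".join(out)

def to_presentation(labels, keep=None):
    """Join labels; keep=N retains only the last N labels, as topQueries(20,2) does."""
    if keep is not None:
        labels = labels[max(len(labels) - keep, 0):]
    return "".join(escape_label(l) + "." for l in labels) or "."

# 22 bytes; with the 12-byte DNS header and 4 bytes of QTYPE/QCLASS this is
# the 38-byte payload tcpdump reports for the first query in the post.
SAMPLE = encode_qname([b"xhtlaakmz", b"jiang", b"com "])

if __name__ == "__main__":
    parsed = decode_qname(SAMPLE)
    print(to_presentation(parsed))           # full name with the escaped space
    print(to_presentation(parsed, keep=2))   # two-label grouping
```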