[Sysadmins] Eircom DNS woes...

Brian Boyle brian.boyle at heanet.ie
Wed Jul 15 09:02:04 IST 2009


Colm MacCárthaigh wrote:
> On Tue, Jul 14, 2009 at 6:43 PM, James Raftery<james at now.ie> wrote:
>> On 14 Jul 2009, at 18:30, ajh wrote:
>>> I am pretty sure 213.94.190.194 and 213.94.190.236 (the recursive
>>> lookups) facing Eircom customers and handed out by RADIUS didn't allow
>>> lookups from non-Eircom IPs before.
>> Neither of these were answering my queries (from an eircom customer
>> network) at about 21.00 last night. Queries are trivially spoofed to
>> appear to come from an authorized IP address.
> 
> I'd have thought Eircom have RPF [1] or decent ACLs enabled on their
> border routers though, if not that seems like a big problem.

Can this help with a DDoS aimed at DNS poisoning though? In that case,
the packets will pass any filter check, unless there's a stateful firewall
in the way, which itself would probably become the point of failure.

Brian.
-- 
Brian Boyle, Network Services Manager
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301  tel: +353-1-660 9040  fax: +353-1-660 3666
web: http://www.heanet.ie/



More information about the Sysadmins mailing list