[Sysadmins] Eircom DNS woes...
brian.boyle at heanet.ie
Wed Jul 15 09:02:04 IST 2009
Colm MacCárthaigh wrote:
> On Tue, Jul 14, 2009 at 6:43 PM, James Raftery<james at now.ie> wrote:
>> On 14 Jul 2009, at 18:30, ajh wrote:
>>> I am pretty sure 220.127.116.11 and 18.104.22.168 (the recursive
>>> lookups) facing Eircom customers and handed out by RADIUS didn't allow
>>> lookups from non-Eircom IPs before.
>> Neither of these were answering my queries (from an eircom customer
>> network) at about 21.00 last night. Queries are trivially spoofed to
>> appear to come from an authorized IP address.
> I'd have thought Eircom have RPF  or decent ACLs enabled on their
> border routers though, if not that seems like a big problem.
Can this help with a DDoS aimed at DNS poisoning though? In that case,
the packets will pass any filter check, unless there's a stateful firewall
in the way, which itself would probably become the point of failure.
Brian Boyle, Network Services Manager
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301 tel: +353-1-660 9040 fax: +353-1-660 3666
More information about the Sysadmins