fail2ban-configs icon indicating copy to clipboard operation
fail2ban-configs copied to clipboard

Published 20 hours ago verified publisher icon mikechau

Expansion

Open egberts opened this issue 4 years ago • 0 comments

There was a smaller amplification attack using DNS-QUERY-REFUSED. And I've made another filter for it.

There doesn't seem to be a way to configure BIND9 to NOT respond with a REFUSE, not even rate-limit can stop that.

Detail: https://egbert.net/blog/articles/troubleshooting-regex-in-fail2ban-during-bind9-ddos.html

https://github.com/mikechau/fail2ban-configs/blob/0d9aa030db4cb5e2fb6ebae14447025421aee7d3/filter.d/named-refused.conf#L29

egberts avatar Sep 19 '20 23:09 egberts