ดู log จากไฟล์ messages แลบพบ 'query (cache) './ANY/IN' denied'

boy_pishit · March 9, 2013, 4:27pm

ดูแล้วก็ไม่ค่อยรู้เรื่องว่าคืออะไรครับ แต่เยอะผิดสังเกต เครื่องอื่นไม่มีนะครับ แล้ว named ก็ใช้ CPU เยอะมากครับ เยอะกว่า httpd เลยสงสัยว่า : query (cache) ‘./ANY/IN’ denied คืออะไรครับ แล้วควรแก้อย่างไรดี ขอคำแนะนำด้วยครับ :baa60776:


Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#64882: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#4526: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#42763: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#45843: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 66.190.144.17#58735: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#41523: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied
Mar  9 16:22:12 web01 named[466]: client 110.32.205.164#25697: query (cache) './ANY/IN' denied

icez · March 9, 2013, 4:44pm

http://www.icez.net/blog/68783/ddos-dns-amplification-attack

มันคืออันนี้ครับ

boy_pishit · March 9, 2013, 5:46pm

ลองทำตามแล้วครับ แต่ยังไม่หายครับ มีเท่าเดิมเลยครับ ไม่ทราบว่าถ้าโดนแบบนี้การเปลี่ยน IP จะช่วยได้ไหมครับ

icez · March 9, 2013, 6:10pm

จริงๆ วิธีแก้คือการ block IP ที่ยิงมาครับ

มี script ช่วยอยู่ที่ http://freedns.icez.net/dnsdump.txt

*** script นี้ไม่ compat กับ csf/apf กรุณาลบทิ้งก่อน เพราะแม่งไม่เคยช่วยอะไร***

ก่อนรัน สั่ง

iptables -N DNSFILTER
iptables -I INPUT -p udp --dport 53 -j DNSFILTER