bad DCC traffic from e-corp.net

Paul Vixie paul@vix.com
Mon Sep 2 15:13:17 UTC 2002


> What countermeasures are appropriate?

on the F and C root name servers, we use freebsd "ipfw" to limit each
ingress flow to 100Kbits/sec.  this seems to cause bad actors to slow
down, since they are in lockstep to our replies.

# limit inbound dns to 10Kbit/s UDP, 100Kbit/s TCP per source address (flow)
add     pipe 1          udp     from any to any 53 in
pipe 1  config  mask src-ip 0xffffffff buckets 1024 bw 10Kbit/s queue 3
add     pipe 2          tcp     from any to any 53 in
pipe 2  config  mask src-ip 0xffffffff buckets 1024 bw 100Kbit/s queue 3
# protect the host (normal firewall stuff)

you might consider something very similar in the dcc server code, since
not every dcc server will be running on freebsd or otherwise have this
kind of rate limiting built into its kernel.
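The suggestion above, per-source limiting inside the server itself, as an added example (not code from the original message or from the DCC sources): a token bucket per source address that drops over-budget packets instead of queueing them as the dummynet pipes do. The names `rl_init` and `rl_allow`, the burst depth and the collision policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define RL_SLOTS 1024   /* table size, mirroring "buckets 1024" in the rules */

struct rl_slot { int used; uint32_t src; double tokens, last; };
struct rl {
    double rate;        /* refill rate, bits per second */
    double burst;       /* bucket depth in bits (assumed, chosen by the caller) */
    struct rl_slot slot[RL_SLOTS];
};

static void rl_init(struct rl *t, double rate, double burst)
{
    memset(t, 0, sizeof *t);
    t->rate = rate;
    t->burst = burst;
}

/* Hash the full 32-bit source address (the "mask src-ip 0xffffffff" case). */
static unsigned rl_hash(uint32_t src)
{
    return (uint32_t)(src * 2654435761u) >> 22;   /* top 10 bits: 0..1023 */
}

/* Tokens the slot would hold at time `now`, capped at the bucket depth. */
static double rl_level(const struct rl *t, const struct rl_slot *s, double now)
{
    double dt = now > s->last ? now - s->last : 0.0;  /* ignore clock steps back */
    double v = s->tokens + dt * t->rate;
    return v > t->burst ? t->burst : v;
}

/* 1 = answer the packet, 0 = drop it. `now` is in seconds, `bytes` on the wire. */
static int rl_allow(struct rl *t, uint32_t src, size_t bytes, double now)
{
    struct rl_slot *s = &t->slot[rl_hash(src)];
    double need = 8.0 * (double)bytes;

    /* Hash collision: reuse the slot only once its owner is back at a full
     * bucket (idle); otherwise both sources draw on the one budget. */
    if (!s->used || (s->src != src && rl_level(t, s, now) >= t->burst)) {
        s->used = 1; s->src = src; s->tokens = t->burst; s->last = now;
    }
    s->tokens = rl_level(t, s, now);
    if (now > s->last) s->last = now;
    if (s->tokens < need) return 0;
    s->tokens -= need;
    return 1;
}
```

Because the table is fixed at 1024 slots, memory stays bounded no matter how many source addresses appear, at the cost of colliding sources sharing one budget while the slot's owner is active.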


