[Dnsmasq-discuss] Help in DNS amplification attack
albert.aribaud at free.fr
Thu Jul 16 10:53:27 BST 2015
Le Thu, 16 Jul 2015 11:40:42 +0530, "@shuToSH Ch at tURveDI"
<ashutosh.chaturvedi.31 at gmail.com> a écrit :
> using dnsmasq version 2.70, as mention in CHANGELOG that dns amplification
> attack has been fixed in this version.
> but when checked this one
> its not fixed, so anyone can help me this case how to fix this.??
Maybe I'm mistaken, but I think what this page actually tests for is
whether a given 1and1 hosted machine is an open DNS, not whether it has
a bug which allows DNS amplicifation.
Indeed being an open DNS makes the machine prone to being used for DNS
amplification attacks, but:
1) this test is specifically for 1and1 machines. Is your machine hosted
2) Whether a machine running dnsmasq is an open DNS or not depends on
*configuration*, not source code -- the fix is a correct configuration
(of dnsmasq and/or iptables/ip6tables).
More information about the Dnsmasq-discuss