Ping a Specific Port

Question

Ján Lalinský

Asked: 2021-06-30 11:23:56 +0800 CST2021-06-30 11:23:56 +0800 CST 2021-06-30 11:23:56 +0800 CST

How to find local DNS attackers on Linux machine?

772

On a shared hosting server (centos8), thousands of websites are hosted. They all use single DNS service running as local recursive resolver (BIND 9).

We observe random overload events with no clear culprit.

One hypothesis is that some website (unix user) is attacking local DNS resolver.

In the context of locally running bind daemon, what is the best way to make it log not only the DNS query, but also the unix user that sent it? Is it even possible?

1 Answers

Voted

t3ln3t · Answer 1 · 2021-06-30T21:40:45+08:00

t3ln3t

2021-06-30T21:40:45+08:002021-06-30T21:40:45+08:00

You might look into running DNStop on your recursive box. It will clearly identify if you have clients abusing your service in a glance. Can be easier than observing logs, especially if you are taking a significant amount of traffic.

You should be able to find DNStop in the EPEL repositories and install with ease.

more information on this nifty tool can be found here: http://dns.measurement-factory.com/tools/dnstop/

0

How to find local DNS attackers on Linux machine?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?