Find the answer to your Linux question:
Results 1 to 2 of 2
Hi all, I've been getting these messages ('isc.org/ANY/IN' denied: 1466 Time(s) ) through on my logwatch. I'm a bit of an amateur but have done quite a bit of research ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2013
    Posts
    1

    'isc.org/ANY/IN' denied: 1466 Time(s) hacking solution


    Hi all,

    I've been getting these messages ('isc.org/ANY/IN' denied: 1466 Time(s) ) through on my logwatch. I'm a bit of an amateur but have done quite a bit of research on this and found these 2 rules for my iptables -

    iptables -I INPUT 1 -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|0000FF0001|' -m recent --set --name dnsanyquery

    iptables -I INPUT 2 -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|0000FF0001|' -m recent --name dnsanyquery --rcheck --seconds 60 --hitcount 5 -j DROP

    However having installed them I'm still getting the same messages. I'd be really grateful if somebody was able to tell me what I've done wrong.

    Thanks very much,
    A

  2. #2
    Linux User Steven_G's Avatar
    Join Date
    Jun 2012
    Location
    Western US
    Posts
    344
    It's a reflection attack. You're not under attack per se. But crap is being "bounced" off of you and your bandwidth is being utilized to attack others.

    Dig through the links below and follow the links inside the links. Do some reading and use these links to help you do some Googles. There's lots of info available on what this is and what can be done about it.

    Link 1
    Link 2
    Link 3

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •