Zone transfer attack countermeasures are difficult to implement. The anonymity of the Internet makes it virtually impossible to determine the hacker's identity.
- Configure your DNS servers to deny access to zone transfer requests that do not come from specified hosts.
- This will stop your server from being an amplifier.
- Restrict communication across your router or firewall to only allow port 53 connections to and from certain systems. This will protect your server and LAN, but not your bandwidth to the Internet.
- Protect your bandwidth through cooperation with your ISP and an SLA.