More new options

2010-08-24 01:46:31 +00:00 · 2010-08-24 01:46:31 +00:00 · 95c2688ea3
commit 95c2688ea3
parent 97dd5fa6f0
1 changed files with 3 additions and 1 deletions
--- a/include/functions
+++ b/include/functions
@ -127,8 +127,10 @@ function apply_ipv4_hack {
 	while [ $# -gt 0 ]; do
 		case "$1" in
 		NS-IN-DDOS)
+			# NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
+			# http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
 			display_c PURPLE " ./NS/IN-DDOS-FIX"
-			$IPTABLES -A INPUT -j DROP -p udp --dport domain -m u32 --u32 \
+			$IPTABLES -A INPUT -j DROP -p udp --dport 53 -m u32 --u32 \
 			"0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"
 		;;	
 		esac