Projects / DNS Flood Detector

DNS Flood Detector

DNS Flood Detector was developed to detect abusive usage levels on high traffic nameservers and to enable quick response in halting (among other things) the use of one's nameserver to facilitate spam. DNS Flood Detector uses libpcap (in non-promiscuous mode) to monitor incoming dns queries to a nameserver. The tool may be run in one of two modes, either daemon mode or "bindsnap" mode. In daemon mode, the tool will alarm via syslog. In bindsnap mode, the user is able to get near-real-time stats on usage to aid in more detailed troubleshooting.

Tags
Licenses
Operating Systems

Recent releases

  •  05 Mar 2006 05:11

    Release Notes: Address filtering options are now available, as are fractional query rates for better precision. This update also fixes several crashes and segfaults that affected overall reliability.

    •  20 Jul 2005 23:57

      Release Notes: This release adds A6, AAAA, and ANY qtypes. It examines all packets with >=1 qdcount. It will stop processing packets with invalid DNS characters. TCP parsing has been fixed. A '-D' option has been added to dump DNS packets.

      •  31 Oct 2003 04:19

        Release Notes: A "mark stats" capability was added, which allows periodic logging of aggregate query rates. For example, it can be used to build pretty graphs. Some code cleanup was done on the verbose syslogging code.

        •  21 Oct 2003 00:51

          Release Notes: This release fixes a buffered output problem in bindsnap mode which made it difficult to direct output to a file, changes the syslog logging priority to "notice" from "info" to keep syslogd on default FreeBSD installations from discarding the messages, and fixes a logging bug encountered at low traffic rates while in "-v -v" mode.

          •  02 Sep 2003 23:30

            Release Notes: This release adds malloc failure handling, pthread mutex locking, and "-v -v" support to daemon mode. It fixes the alarm reset bug in daemon mode and a segfault problem caused by bogus qtypes.

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.