possible UDP attack on BIND?

ubuntu bind amazon-ec2 udp

It looks to me your server is being used in a DNS amplification attack.
I don't know the pricing model of Amazon EC2, but I'd be surprised if this traffic didn't count.

It works like this:
Someone is sending a DNS query to your server with the spoofed IP 108.162.233.15.
Your server answers this query to the real victim - 108.162.233.15.
The query is pretty small, but the answer is quite big (check dig -t ANY isc.org).

The real question is, why does your server answer these queries?
Are you intentionally running an public recursive DNS for everybody to use?

If not, you need to disable recursion or limit it to trusted/known clients (recursion no; and allow-query-cache {none;};).

Related

Transfer an account from a 'dead' domain
Granting rights on postgresql database to another user
Gmail.com detect mail as spam, but the server is not on any BlackList
High Server Load cannot figure out why [closed]
Disk write speed much slower than read speed
How to add NTFS partition on remote server to VMWare ESXi 5.1
Can't resolve local IP using remote dns server
Powershell script to copy file named 'dat' from multiple folders
How can I quickly install FreeBSD ports?
user unable to connect to git (using gitolite on ubuntu)
SSH session through an IPSec VPN tunnel freezes when command outputs longer text
Two HP iLOs have gone unresponsive, and are in a colo. Is there any way to remotely troubleshoot?