Skip to main content

Open DNS Recursive Resolver Attack

Dear blog reader, few days back I have face a huge DNS Amplification/Reflection attack from Mikrotik (MT) router. The Attack has been organized from different source to different destination. 

This attack also has been seen in different vendor router like d-link di-1705b, Buffalo,AirLive, Cisco(Cisco Systems, Inc. Firmware: 4608)

The Attack is possible because of MT router apply following tcp and udp packet filter destination port 53.

 IP>firewall>filter rules
chain=input action=drop protocol=udp in-interface=ether1-WAN dst-port=53
chain=input action=drop protocol=tcp in-interface=ether1-WAN dst-port=53

Same rule can be maintain for other router to block and disable resolver.

Please Note: in-interface should be your WAN port.

How to check your IP is used as open resolver

Linux command

#dig -t A jpudasaini.com.np @8.8.8.8

Note: Replace 8.8.8.8 with your IP address


Labels:

Comments

  1. Sebastijan PlacentoMarch 20, 2014 at 2:58 PM

    Fixed for me.
    Added for pppoe connection and ether interface and ISP reports everything is OK now.
    Thank you very much!

    ReplyDelete

Post a Comment

Popular posts from this blog

IOS XR GNS3 QEMU

This time lets have tutorial on Cisco XR 9k series router image running on the GNS3. Please don't ask for the XR image. Your are smart enough to get it. My system configuration: Ubuntu 16.04 GNS3 1.4 RAM 8Gig i7 processor Used XR Image iosxrv-k9-demo-6.0.1.qcow2 This image is VIRL extracted image. You need to convert this image into QEMU image, follow this link I strongly recommend you to run it on the Linux system. Now you have converted image, then go to the GNS3>Edit>Preferences>QEMU>Qemu VMs>New then follow the onscreen procedure. Setting for QEMU XR Image. RAM:- 4Gig CPU:- 1 Adapters at lest 4.  -enable-kvm Here you can see I can run the XR on my system. Interface is up and system is already booted.  I have run 3 XR router  here is my system RAM CPU usages. RP/0/0/CPU0:XR3(config)#int gi0/0/0/0 RP/0/0/CPU0:XR3(config-if)#ip add 192.168.13.2 255.255.255.252 RP/0/0/CPU0:XR3(con...
Post a Comment
Read more

Cisco ASA in GNS3

Here is another tutorial running Cisco ASAv on GNS3 using Qemu. For Configure GNS3 In My case I have used ASAv952-204.qcow2 Go  to the GNS3>Edit>Preferences>QEMU>Qemu VMs>New Follow on screen procedure.  Don't forget to enable kvm and memory allocation.  Now you can see I can run ASAv 9.5.2 Blank Password.
Post a Comment
Read more

Mikrotik Hotspot Redirect After Login

This tutorial assumed you already create Hotspot in your router. If you don't know how to create a hotspot in Mikrotik router, click here and create the Hotspot. . After successfully creating the hotspot server go to "Files" Menu of  the main Window of Mikrotik router Copy "hotspot" folder into your PC. Open "alogin" file with text editor Replace "link-redirect" text with your desire URL Now you're done! After successfully logging into the Hotspot server your client automatically redirects to your external link.  Don't forget to copy this folder into Mikrotik Router "Files" Menu. You can also drag and drop this folder into "Files" menu. 
8 comments
Read more