OpenDNS has shown some unwanted activity coming from my network.
A lot of DNS requests for some dodgy-looking domains.
Looks like a DNS amplification attack; read up on it here:
http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack
Turns out the DNS resolver is open to the Internet. Fix this in the dnsmasq config by setting it to listen on the LAN interface only.
root@voyage:/etc/network/if-up.d# remountrw
root@voyage:/etc/network/if-up.d# vi /etc/dnsmasq.conf
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=br0
root@voyage:/etc/network/if-up.d# /etc/init.d/dnsmasq restart
Check it using this site:
http://www.thinkbroadband.com/tools/dnscheck.html
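
A local equivalent of that check, as an added example that is not part of the original post: a small Python probe that sends one recursive A query over UDP and classifies the reply. The function names, the fixed transaction id and the example.com test name are assumptions of this example.

```python
import socket
import sys

TXID = 0x1234  # fixed transaction id, chosen for this example


def build_query(name, txid=TXID):
    """Build a minimal DNS A query with the RD (recursion desired) bit set."""
    header = txid.to_bytes(2, "big") + bytes.fromhex("0100" "0001" "0000" "0000" "0000")
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + bytes.fromhex("0001" "0001")  # QTYPE=A, QCLASS=IN


def classify_response(data, txid=TXID):
    """Classify a raw DNS reply (or None for a timeout)."""
    if data is None:
        return "no-answer"              # nothing answered on that address
    if len(data) < 12:
        return "malformed"
    rid = int.from_bytes(data[0:2], "big")
    flags = int.from_bytes(data[2:4], "big")
    ancount = int.from_bytes(data[6:8], "big")
    if rid != txid or not flags & 0x8000:
        return "malformed"              # wrong id, or QR bit says it is not a response
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"                # server is reachable but declines the query
    if flags & 0x0080 and rcode == 0 and ancount > 0:
        return "open"                   # RA set and an answer returned: open resolver
    return "answered-no-recursion"


def probe(server_ip, name="example.com", timeout=3.0):
    """Send one query to server_ip:53 and return the classification."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:                 # covers timeouts and ICMP port-unreachable
            data = None
    return classify_response(data)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe(target))
```

Run it from a host outside the LAN against the router's WAN address; after the change above the expected result there is "no-answer" or "refused", while queries arriving on br0 are still answered.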
