Date: Thu, 19 Mar 2015 15:42:54 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions@freebsd.org Subject: Re: public network traffic to my ip address port 53 Message-ID: <550AEE7E.2000707@infracaninophile.co.uk> In-Reply-To: <550AEAC2.8040000@gmail.com> References: <wu7mw39dok7.fsf@banyan.cs.ait.ac.th> <550AEAC2.8040000@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GOG8wslfBwd4EUiF4aJhI2PsWUdHUxt8F Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 03/19/15 15:26, Ernie Luzar wrote: > I have been running this home server for 15 years and have never had a > dsn server. > Last time I scrutinized my firewall log was 2 plus years ago and I did= > not have all this unsolicited inbound dns traffic. > To me it looks like a search for dos targets. To my knowledge dsn > servers DON'T roll through pubic IP address ranges looking for other > dsn servers. This is indeed the result of people, or rather, bots, trying to exploit poorly configured recursive DNSes. If they can find a server that responds, they will use it as a traffic amplifier for DoS attacks. Consequently there are a lot of DNS queries hitting random addresses trying to find those poorly configured DNS servers. > So I ask the question again "Is there any valid reason to allow these > unsolicited inbound packets access to my system on port 53?". No. They are bogus. Block them at your firewall. Cheers, Matthew --GOG8wslfBwd4EUiF4aJhI2PsWUdHUxt8F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJVCu5/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTn/1sQAJQEpdhhyHRZ61EM0B6hevQ0 yja1vegs/kSHmhhudeZ5XvOgN5/DWGsWEIvR9Ap8UVSLh/uRY6zg7Fd3dpBrmQdT HfnahSzBxa/wZfM1XtdMmRdoKto3GeYiODgcjgQjG8B4sw5ZZ8Vw7q4X0/KCzdPW EYLGQh+cj0gkapIVgl6qC0mZs48GPkdzQsr9woIvJu/rvSLjkY229ajKDjViCfd1 9vVO+PyCzwSZs4oEfRY00lSpN/CMz9aGlaejGY8J83IamF98+srDis5GpToVP5f+ CvSCtIKezJVSIzAFVPRUhpCLhsQug+KULxOx+pqsVVxi1Rm833KSfavmvpsyPpC/ zuMXhl7ur4lkNmE/qugObM2O6i5PuomRmu49bTKKiA3rAGrDpp6Zwo60VaDsFBlL hsryb9WmF2g/1VzavwD2Apt/CyRxP03xiXDpW6qMSgbuk4NLa/7CEI2eiw2DRcuZ u0wQsDwuouIN/bkfX9o9nazTf3ZkaITYjTFnfkMf8ryrd74jaqp62V0/4JCQy52o WaRS9l2AIKqu+HrQOxzzkU9N69McPIs5gf2y9zkL4kYVz4nzEudeSmCesk/o3W18 geqWtKpdsM+sYJSdJ2gyVR8MU8vbQclam9YMY59d/oYEKerEhoZYdPgkx2HSX1ew M3/VpEW2QlmHhsPo1CGU =VeQN -----END PGP SIGNATURE----- --GOG8wslfBwd4EUiF4aJhI2PsWUdHUxt8F--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?550AEE7E.2000707>