From: Matthew Seaman
Date: Thu, 19 Mar 2015 15:42:54 +0000
To: freebsd-questions@freebsd.org
Subject: Re: public network traffic to my ip address port 53
Message-ID: <550AEE7E.2000707@infracaninophile.co.uk>
In-Reply-To: <550AEAC2.8040000@gmail.com>

On 03/19/15 15:26, Ernie Luzar wrote:
> I have been running this home server for 15 years and have never had a
> dns server.
> Last time I scrutinized my firewall log was 2 plus years ago and I did
> not have all this unsolicited inbound dns traffic.
> To me it looks like a search for dos targets. To my knowledge dns
> servers DON'T roll through public IP address ranges looking for other
> dns servers.

This is indeed the result of people, or rather, bots, trying to exploit
poorly configured recursive DNSes. If they can find a server that
responds, they will use it as a traffic amplifier for DoS attacks.
Consequently there are a lot of DNS queries hitting random addresses
trying to find those poorly configured DNS servers.

> So I ask the question again "Is there any valid reason to allow these
> unsolicited inbound packets access to my system on port 53?".

No. They are bogus. Block them at your firewall.

	Cheers,

	Matthew
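
An added example, not part of the original message: Python that decodes the kind of UDP port 53 payload discussed above and shows which header bits mark a reply from a server that resolves names for anyone who asks. The function names and the sample bytes are constructed for this illustration.

```python
import struct

QTYPE_NAMES = {1: "A", 2: "NS", 16: "TXT", 255: "ANY"}
# Constructed sample: query for example.com, type A, recursion desired (RD=1).
SAMPLE_QUERY = bytes.fromhex(
    "123401000001000000000000" "076578616d706c6503636f6d00" "00010001")

def parse_header(msg):
    """Decode the 12-byte DNS header (RFC 1035) into the fields used below."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"qr": flags >> 15, "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
            "rcode": flags & 0xF, "qdcount": qdcount, "ancount": ancount}

def parse_question(msg):
    """Return (qname, qtype) of the first question entry."""
    pos, labels = 12, []
    while pos < len(msg) and msg[pos]:
        length = msg[pos]
        if length > 63 or pos + 1 + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(msg):  # root label + QTYPE + QCLASS must still fit
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels) or ".", qtype

def classify_inbound(payload):
    """Label a UDP/53 payload that arrives at a host running no DNS server."""
    try:
        hdr = parse_header(payload)
        if hdr["qr"]:
            return "response to a query this host never sent"
        name, qtype = parse_question(payload)
    except ValueError:
        return "malformed"
    want = "recursion requested" if hdr["rd"] else "no recursion"
    return f"query {QTYPE_NAMES.get(qtype, qtype)} {name} ({want})"

def answers_recursively(reply):
    """True if a reply shows the server resolved the name for the sender."""
    hdr = parse_header(reply)
    return bool(hdr["qr"] and hdr["ra"] and hdr["rcode"] == 0 and hdr["ancount"])
```

A host with no DNS service has nothing to say to any of these payloads, so dropping them at the firewall loses nothing; a server for which `answers_recursively` returns True on replies sent to arbitrary outside addresses is the poorly configured kind described in the message.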