[u-u] DNS Reflection Amplification Attack Mitigation

Hugh Gamble hugh at phaedrav.com
Tue Dec 9 14:54:43 EST 2014


Not a Unix question, but it's about an ASUS home router based on Linux, so I know you'll forgive me. :-)

I have a public DNS server that is not recursive and doesn't forward (so it's a bad choice for amplification attacks). It's been getting DNS reflection amplification attacks against a remote target daily, ramping up from 8:30PM to 9PM then running to 11PM.

The router firewall GUI interface is deficient but there's command line access to iptables. I can add (non-persistent) rules to the filter table. And I started dropping incoming requests with the spoofed address.

Unless it was coincidence, I think that got the attacks to stop (rather than just being mitigated).

General discussion of the problem is welcome. But my specific question is how an attacker would notice that using this DNS server was no longer effective (not that it was amplifying much in the first place).

--
Need what I can do? Hire me: http://www.PhaedraV.com/CV.html
Hugh Gamble  voice: 905 787 1849 cell: 416 602 4050
Hugh at PhaedraV.com   ICQ 207069950
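
Added example, not part of the original post: one way to carry out the step described above (finding the spoofed source in a capture of incoming DNS queries and dropping its requests) from a router shell. The capture lines are constructed with documentation addresses, and the `FORWARD` chain, the threshold of 5 and the function names are assumptions; the script only prints the rules, it does not apply them.

```shell
#!/bin/sh
# Added example: find heavy DNS query sources in a capture and print (not apply)
# iptables DROP rules for them. All sample data is constructed.
sample_capture() {   # constructed lines in `tcpdump -n -tt udp dst port 53` style
cat <<'EOF'
1418175000.10 IP 198.51.100.7.4444 > 192.0.2.53.53: 1001+ ANY? example.com. (29)
1418175000.11 IP 198.51.100.7.4445 > 192.0.2.53.53: 1002+ ANY? example.com. (29)
1418175000.12 IP 203.0.113.10.5353 > 192.0.2.53.53: 2001+ A? www.example.com. (33)
1418175000.13 IP 198.51.100.7.4446 > 192.0.2.53.53: 1003+ ANY? example.com. (29)
1418175000.14 IP 198.51.100.7.4447 > 192.0.2.53.53: 1004+ ANY? example.com. (29)
1418175000.15 IP 203.0.113.20.6000 > 192.0.2.53.53: 3001+ A? mail.example.com. (34)
1418175000.16 IP 198.51.100.7.4448 > 192.0.2.53.53: 1005+ ANY? example.com. (29)
1418175000.17 IP 198.51.100.7.4449 > 192.0.2.53.53: 1006+ ANY? example.com. (29)
EOF
}

# top_sources THRESHOLD: read capture lines on stdin, print each source IP that
# sent at least THRESHOLD queries, one per line, sorted.
top_sources() {
    awk -v min="$1" '
        $2 == "IP" && $4 == ">" {
            src = $3
            sub(/\.[0-9]+$/, "", src)      # strip the trailing ".port"
            count[src]++
        }
        END { for (s in count) if (count[s] >= min) print s }
    ' | sort
}

# drop_rules CHAIN: read source IPs on stdin, print one iptables command per IP.
drop_rules() {
    while read -r ip; do
        # Skip empty input and anything containing characters other than digits and dots.
        case "$ip" in
            *[!0-9.]*|"") continue ;;
        esac
        echo "iptables -I $1 -s $ip -p udp --dport 53 -j DROP"
    done
}

# Dry run: rules for sources with 5 or more queries in the sample (chain name is an assumption).
sample_capture | top_sources 5 | drop_rules FORWARD
```

Because the source address is spoofed, it belongs to the attack's target, so a rule like this also drops any genuine queries from that address. As the post notes, rules added this way are non-persistent.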

 
