[u-u] DNS Reflection Amplification Attack Mitigation
Hugh Gamble
hugh at phaedrav.com
Tue Dec 9 14:54:43 EST 2014
Not a Unix question,
but it's about an ASUS home router based on Linux
so I know you'll forgive me. :)
I have a public DNS server that is not recursive and doesn't forward
(so it's a bad choice for amplification attacks).
It's been getting DNS reflection amplification attacks against a remote
target daily
ramping up from 8:30PM to 9PM then running to 11PM.
The router firewall GUI interface is deficient
but there's command line access to iptables.
I can add (non-persistent) rules to the filter table.
And I started dropping incoming requests with the spoofed address.
Unless it was coincidence,
I think that got the attacks to stop (rather than just being mitigated).
General discussion of the problem is welcome.
But my specific question is how an attacker would notice
that using this DNS server was no longer effective.
(not that it was amplifying much in the first place)
--
Need what I can do? Hire me: http://www.PhaedraV.com/CV.html
Hugh Gamble voice: 905 787 1849 cell: 416 602 4050
Hugh at PhaedraV.com ICQ 207069950
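
An added example, not part of the original message: one way to script the mitigation described above, counting DNS queries per claimed source in a capture and printing (not running) a DROP rule for each heavy source. The tcpdump-style sample lines, the threshold of 3, the function names and the chain argument are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed capture in `tcpdump -n` text form; every address is from the
# RFC 5737 documentation ranges. 203.0.113.5 stands in for the DNS server.
sample_capture() {
cat <<'EOF'
20:31:02.100001 IP 198.51.100.7.41234 > 203.0.113.5.53: 4321+ ANY? example.com. (29)
20:31:02.100400 IP 203.0.113.5.53 > 198.51.100.7.41234: 4321 Refused- 0/0/0 (29)
20:31:02.150002 IP 198.51.100.7.41235 > 203.0.113.5.53: 4322+ ANY? example.com. (29)
20:31:02.200003 IP 192.0.2.44.50912 > 203.0.113.5.53: 991+ A? www.example.com. (33)
20:31:02.250004 IP 198.51.100.7.41236 > 203.0.113.5.53: 4323+ ANY? example.com. (29)
20:31:02.300005 IP 198.51.100.7.10053 > 203.0.113.5.53: 4324+ ANY? example.com. (29)
EOF
}

# Print "count source" for each source with at least $1 packets sent TO port 53.
# Replies (source port 53) are ignored because their destination is not port 53.
noisy_sources() {
    awk -v min="$1" '
        $2 == "IP" && $5 ~ /\.53:$/ {
            src = $3
            sub(/\.[0-9]+$/, "", src)      # strip the trailing source port
            n[src]++
        }
        END { for (s in n) if (n[s] >= min) print n[s], s }
    ' | sort -rn
}

# Read "count source" lines and print one iptables command per source.
# Chain is an assumption: INPUT if the DNS server runs on the router itself,
# FORWARD if the router passes port 53 through to a host behind it.
drop_rules() {
    chain="${1:-INPUT}"
    while read -r _count src; do
        case "$src" in
            ""|*[!0-9.]*) continue ;;      # skip anything that is not digits and dots
        esac
        printf 'iptables -I %s -p udp --dport 53 -s %s -j DROP\n' "$chain" "$src"
    done
}

# Dry run: show the rules that would be added for the sample capture.
sample_capture | noisy_sources 3 | drop_rules FORWARD
```

The address in each rule is the spoofed one, that is, the attack's target, so any genuine query from that address is dropped as well; rules added this way do not survive a reboot.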