Incoming DNS requests from outside: how do we stop them?


We have a Linux firewall, and since Monday 14 November the log has been flooded with rejected requests.

We have 87.63.82.170/255.255.255.252 (static IP) as our internet address.

The requests come from outside and are addressed to TDC's DNS servers on port 53/udp. All requests come from the same address 193.162.153.164:

  Nov 21 15:33:41 solex kernel: Packet log: input DENY eth0 PROTO=17 93.167.110.146:32788 193.162.153.164:53 L=61 S=0x00 I=0 F=0x4000 T=64 (#69)
  Nov 21 15:33:41 solex kernel: Packet log: input DENY eth0 PROTO=17 93.167.110.146:32787 194.239.134.83:53 L=61 S=0x00 I=0 F=0x4000 T=64 (#69)

If I ping 193.162.153.164 from the firewall I get duplicates.

How do we put a stop to the traffic from 193.162.153.164 (over 14 million requests/day) towards our firewall?

I called TDC support, who thought we had file sharing or a virus - I don't think that is the cause.

Regards, Finn

 

3 Comments

Get support to give you a new IP address.

Just checked it, and it could well be an error at TDC

http://whois.domaintools.com/193.162.153.164

I didn't do too well with the copy-paste - it is 93.167.110.146 that is generating the traffic, not 193.162.153.164 (which is one of TDC's DNS servers).

Let me repeat:

The requests come from outside and are addressed to TDC's DNS servers on port 53/udp. All requests come from the same address 93.167.110.146:

  Nov 21 15:33:41 solex kernel: Packet log: input DENY eth0 PROTO=17 93.167.110.146:32788 193.162.153.164:53 L=61 S=0x00 I=0 F=0x4000 T=64 (#69)
  Nov 21 15:33:41 solex kernel: Packet log: input DENY eth0 PROTO=17 93.167.110.146:32787 194.239.134.83:53 L=61 S=0x00 I=0 F=0x4000 T=64 (#69)

If I ping 93.167.110.146 from the firewall I get (many) duplicates back:

PING 93.167.110.146 (93.167.110.146) from 87.63.82.170 : 56(84) bytes of data.
64 bytes from 93.167.110.146: icmp_seq=0 ttl=64 time=42.800 msec
64 bytes from 93.167.110.146: icmp_seq=0 ttl=63 time=43.051 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=60.034 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=60.805 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=61.048 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=61.262 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=63.484 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=63.800 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=64.002 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=64.501 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=86.674 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=87.129 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=107.341 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=0 ttl=62 time=283.504 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=64 time=51.209 msec
64 bytes from 93.167.110.146: icmp_seq=1 ttl=63 time=51.468 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=68.685 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=69.204 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=69.656 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=69.936 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=71.408 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=72.118 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=72.889 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=73.843 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=75.324 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=75.678 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=75.901 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=1 ttl=62 time=283.547 msec (DUP!)
64 bytes from 93.167.110.146: icmp_seq=2 ttl=64 time=54.924 msec
64 bytes from 93.167.110.146: icmp_seq=2 ttl=63 time=55.078 msec (DUP!)

--- 93.167.110.146 ping statistics ---
3 packets transmitted, 3 packets received, +27 duplicates, 0% packet loss
round-trip min/avg/max/mdev = 42.800/81.343/283.547/55.534 ms

How do we put a stop to the traffic from 93.167.110.146 (over 14 million requests/day) towards our firewall?

Regards, Finn
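As an added example (not from the thread or from the poster): a Python parser for the kernel "Packet log:" lines quoted above that counts denied packets per source address and per flow, so the address to report upstream is read from the log rather than by hand (which is where the copy-paste mix-up above came from). The sample entries are constructed; the first two repeat the thread's lines joined onto one line each, the rest are made up.

```python
import re
from collections import Counter

# Constructed sample in the kernel "Packet log:" format quoted in the thread, one entry
# per line. The first two mirror the thread's entries; the rest are made up to show
# aggregation over a second source and a non-matching kernel message.
SAMPLE_LOG = """\
Nov 21 15:33:41 solex kernel: Packet log: input DENY eth0 PROTO=17 93.167.110.146:32788 193.162.153.164:53 L=61 S=0x00 I=0 F=0x4000 T=64 (#69)
Nov 21 15:33:41 solex kernel: Packet log: input DENY eth0 PROTO=17 93.167.110.146:32787 194.239.134.83:53 L=61 S=0x00 I=0 F=0x4000 T=64 (#69)
Nov 21 15:33:42 solex kernel: Packet log: input DENY eth0 PROTO=17 93.167.110.146:32789 193.162.153.164:53 L=61 S=0x00 I=0 F=0x4000 T=64 (#69)
Nov 21 15:33:42 solex kernel: Packet log: input DENY eth0 PROTO=6 10.0.0.5:4444 87.63.82.170:22 L=60 S=0x00 I=0 F=0x4000 T=51 (#12)
Nov 21 15:33:43 solex kernel: some unrelated message
"""

# Layout: chain action iface PROTO=n src:sport dst:dport L=len S=tos I=id F=frag T=ttl (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+) (?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<id>\d+) "
    r"F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)

def parse_line(line):
    """Return the fields of one Packet log entry as a dict, or None for other messages."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "len", "id", "ttl", "rule"):
        rec[key] = int(rec[key])
    return rec

def summarise(text):
    """Count DENY entries per source address and per (src, dst, dport, proto) flow."""
    per_src, per_flow = Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "DENY":
            continue
        per_src[rec["src"]] += 1
        per_flow[(rec["src"], rec["dst"], rec["dport"], rec["proto"])] += 1
    return per_src, per_flow

def top_source(text):
    """(address, count) of the source behind most denied packets: what to quote to the ISP."""
    per_src, _ = summarise(text)
    return per_src.most_common(1)[0]
```

Run it over the real log (for example `summarise(open("/var/log/messages").read())`) to get the per-flow counts and the top source; the TTL field (T=) is worth a look as well, since the ping output above shows the same host answering with several different TTLs.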
