Date:      Thu, 04 Jun 2015 18:52:11 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Re: port 53 under attack
Message-ID:  <5570904B.6020606@infracaninophile.co.uk>
In-Reply-To: <1433439162.48400.0.camel@pki2.com>
References:  <556F87A6.8090105@a1poweruser.com> <556FF291.7070007@FreeBSD.org> <55706FCF.9050904@gmail.com> <1433439162.48400.0.camel@pki2.com>


On 04/06/2015 18:32, Dennis Glatting wrote:
>> I am NOT running a dns server. So all these inbound hits on port 53 is
>> just bad guys fishing for a open dns server and blocking them like I am
>> doing is the correct thing to do?

> Don't send ICMP failures. Just drop the packets.

200k packets per day to port 53 when there's nothing listening there is
quite a lot.  You may be unlucky in that your IP is similar to an IP
where a DNS server is running and the script kiddies have somehow made a
paste-o and got your address.

Even though it's a bit more than the usual quantity, this is pretty much
usual 'background radiation' for the internet.  You'll find any number
of scoundrel-written bots searching for ssh or ftp servers to try and
brute-force and speculative attempts to exploit various web server
vulnerabilities (got to love those people that try and use IIS exploits
against nginx...) and so forth.  None of it is likely to be directed at
you specifically.

Like Dennis said: just drop it all at your firewall.  *Drop* rather than
block, so all the traffic just disappears into a black-hole.

	Cheers,

	Matthew
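
Added example, not part of the original message: a pf.conf fragment showing the silent-drop policy recommended above next to the replying variant it replaces. The thread does not say which firewall is in use; pf and the interface name em0 are assumptions.

```conf
# /etc/pf.conf fragment (constructed example; pf and the interface name
# em0 are assumptions, neither is stated in the thread)
ext_if = "em0"

# Default action for a bare "block" rule: discard silently instead of
# answering with a TCP RST or an ICMP unreachable.
set block-policy drop

# Replying variant, left commented out for comparison. Each probe gets an
# answer, which confirms the host is alive and spends outbound bandwidth.
# block return in quick on $ext_if proto { tcp, udp } to port 53

# Silent discard of unsolicited packets aimed at local port 53. There is
# no "log" keyword, so a high daily probe count does not fill pflog.
# Replies to this host's own DNS lookups arrive *from* port 53 and match
# the state created by the "pass out" rule, so they are not affected.
block drop in quick on $ext_if proto { tcp, udp } to port 53

# Everything else inbound is also dropped silently unless explicitly passed.
block drop in on $ext_if all
pass out on $ext_if all keep state
```

The fragment can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.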





