27 Jun
2017
27 Jun
'17
10:34 a.m.
All,
I looked at my router's system log and noticed two interesting messages:
[ 272.794578] conntrack: generic helper won't
handle protocol 47.
Please consider loading the specific helper module.
[367924.542265] TCP: request_sock_TCP: Possible SYN
flooding on port
53. Sending cookies. Check SNMP counters.
I realized I'm currently under a
"small" attack. About 2 p.p.s. are
causing my SYN_Flood rules to hit. What's interesting is:
- I don't run any GRE tunnels (most of the Protocol 47 packets are
coming from China)
- The only tcp/53 I have open is AMPR DNS (most connections are coming
from 104.236.176.72)
Does anyone currently use tcp AXFR to copy 44.IN-ADDR.ARPA. or AMPR.ORG.
from me?
73,
- Lynwood
KB3VWG