All,
I looked at my router's system log and noticed two interesting messages:
[ 272.794578] conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.
[367924.542265] TCP: request_sock_TCP: Possible SYN flooding on port 53. Sending cookies. Check SNMP counters.
I realized I'm currently under a "small" attack. About 2 p.p.s. are causing my SYN_Flood rules to hit. What's interesting is:
- I don't run any GRE tunnels (most of the Protocol 47 packets are coming from China)
- The only tcp/53 I have open is AMPR DNS (most connections are coming from 104.236.176.72)
Does anyone currently use tcp AXFR to copy 44.IN-ADDR.ARPA. or AMPR.ORG. from me?
73,
- Lynwood KB3VWG