I guess you could call it a bug; the gateway was running with
an old list of valid addresses. I've flushed and reloaded it
and that traffic should now be filtered out. Please let me
know if that fixed it.
- Brian
On Sat, Apr 02, 2016 at 02:07:20AM +0300, Marius Petrescu wrote:
Lately I have a lot of domain response traffic from
China, probably a DNS amplification attack targeting the host 42.202.148.15.
The address which gets that traffic is mainly 44.182.20.27. Other hosts of this
subnet also receive traffic via the UCSD tunnel (44.182.20.*, 44.182.230.*).
These addresses have no registered host name and thus should be dropped by the gateway,
but this is not happening.
Does anyone know an explanation, or is it a gateway bug?
Marius, YO2LOJ