I guess you could call it a bug; the gateway was running with an old list of valid addresses. I've flushed and reloaded it and that traffic should now be filtered out. Please let me know if that fixed it.
- Brian
On Sat, Apr 02, 2016 at 02:07:20AM +0300, Marius Petrescu wrote:
Lately I have a lot of domain response traffic from China, probably a DNS amplification attack targeting the host 42.202.148.15. The used address which gets that traffic is mainly 44.182.20.27. Other hosts of this subnet also receive traffic via the UCSD tunnel (44.182.20.*, 44.182.230.*).
These addresses have no registered host name and thus should be dropped by the gateway, but this is not happening.
Does anyone know an explanation, or is it a gateway bug?
Marius, YO2LOJ