Re: [44net] UDP DNS attacks at my 44 Net

There is also this, which goes a bit more in-depth for locking down your Mikrotik device: http://rickfreyconsulting.com/wp-content/uploads/2014/10/MikroTik-DNS-Attac… On 04/06/2016 06:11 AM, Stacy wrote: > (Please trim inclusions from previous messages) > _______________________________________________ > Ronen, > Take a look here. They cover this in pretty good detail. > > http://forum.mikrotik.com/viewtopic.php?t=69677 > > -Stacy > KG7QIN > > On 04/06/2016 06:00 AM, R P wrote: >> (Please trim inclusions from previous messages) >> _______________________________________________ >> Hi group >> >> Now when the mikrotik have a connections sessions screen i see >> about 150 (yesterday night it was 1200) UDP Port 53 >> (DNS)sessions coming from about 15 different sites each site >> have about 10 sessions >> >> total bandwidth it consume is 500 KB/s >> >> What is it ? why a site have to do 10 times DNS queries (or maybe >> it is a UDP session to port 53 but not a DNS query ) to my host where >> even no DNS server exist ? >> >> Is there anyone that can tell me the exact command to block it ? i >> have tried with the web interface to add a firewall rule but nothing >> happen it looks like im not giving the right rule >> >> Thanks Forward >> >> Ronen - 4Z4ZQ >> >> http://www.ronen.org >> >> Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/> >> www.ronen.org >> ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by >> domainavenue.com >> >> >> >>