Andrew,
Absolutely, appears that some TCP DNS requests from a 44 host 'tripped
the sensors'. LOL
My memory resources on my device remained OK, as well as CPU (minus the
load logging into LEDE web GUI).
It appears my server received 0 SYN Floods. That was by design. I did
notice those concerned about my 'open DNS' to the Public Internet.
TCP/53 was opened on 44.60.44.3 to allow AXFR (and incidentally,
allowing TCP DNS requests to 44.IN-ADDR.ARPA. and AMPR.ORG, since it's
Authoritative), that rule now only allows 44.0.0.0/8.
Until today, I never noticed any DNS TCP requests that hit a threshold,
and [still] none from the Internet. I'm honestly unaware of what
'stretchoid.com' means; but they don't seem to be the cause. My
firewall's timing just seems to be fast...
- Lynwood
KB3VWG
------------------------------------------------------------------------
Not many packets dropping might be ok. In fact, I'd expect it (and
only would worry if most of the flood came back with ACKs).
SYN floods try to starve your memory resources by keeping TCP
connections half open and wait for the timeout to sweep them out. But
SYN cookies prevent that. So as long as memory allocation doesn't
skyrocket when you don't see packet drops, that's a-ok.
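
One way to check the point above on a Linux-based router, as an added example that is not part of either message: read the kernel's SYN-cookie counters from /proc/net/netstat and classify what the listener is doing. The counter names are the kernel's TcpExt fields; the sample values, the shortened header and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read SYN-cookie counters from Linux's /proc/net/netstat.
# Each group in that file is two lines: a header line of counter names and
# a line of values, both starting with the group tag (here "TcpExt:").

# Print the value of one TcpExt counter; prints nothing if it is absent.
tcpext_counter() {
    name=$1
    file=${2:-/proc/net/netstat}
    awk -v want="$name" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" && seen  { if (want in col) print $(col[want]); exit }
    ' "$file"
}

# Classify the listener from the counters:
#   quiet     - no cookies sent, nothing dropped
#   absorbing - SYN queue filled and cookies were sent instead of holding state
#   dropping  - SYNs were dropped on a full queue (cookies not in use)
syn_cookie_state() {
    file=${1:-/proc/net/netstat}
    sent=$(tcpext_counter SyncookiesSent "$file")
    dropped=$(tcpext_counter TCPReqQFullDrop "$file")
    if [ "${dropped:-0}" -gt 0 ]; then echo dropping
    elif [ "${sent:-0}" -gt 0 ]; then echo absorbing
    else echo quiet
    fi
}

# Constructed sample (real files carry many more TcpExt columns).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops TCPReqQFullDoCookies TCPReqQFullDrop
TcpExt: 1520 3 41 0 0 1520 0
IpExt: InOctets OutOctets
IpExt: 982113 771020
EOF

echo "cookies sent:     $(tcpext_counter SyncookiesSent "$sample")"
echo "cookies returned: $(tcpext_counter SyncookiesRecv "$sample")"
echo "state:            $(syn_cookie_state "$sample")"
```

With no file argument both functions read the live /proc/net/netstat; a SyncookiesRecv count that stays small next to SyncookiesSent matches the "few ACKs came back" case described above.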