- The only tcp/53 I have open is AMPR DNS (most connections are coming from 104.236.176.72)
Those are on my list of scanners/blackhats. The name "stretchoid.com" is already indicative of what they do. However, as Brian Kantor also wrote, it is a really bad idea to run a DNS server on an internet-facing interface. Keep it accessible only from the AMPRNet side.
Rob
Rob,
In fact, my DNS only faces AMPRNet (at 44.60.44.3), but I did have TCP/53 opened in case someone wished to zone transfer (including myself) or, as Borja noted, used TCP/43 for legitimate DNS requests.
I'll be closing TCP/53 to the Internet - NOW.
Thanks all,
- KB3VWG