1 Apr
2016
1 Apr
'16
7:07 p.m.
Lately I have a lot of domain response traffic from china, probably a dns amplification
attack targeting the host 42.202.148.15.
The used address which gets that traffic is mainly 44.182.20.27. Other hosts of this
subnet also receive traffic via the ucsd tunnel (44.182.20.*, 44.182.230.*).
These addresses have no registered host name and thus should be dropped by the gateway,
but this is not happening.
Anyone knows an explanation or is it a gateway bug?
Marius, YO2LOJ
1 Apr
1 Apr
8:23 p.m.
I guess you could call it a bug; the gateway was running with
an old list of valid addresses. I've flushed and reloaded it
and that traffic should now be filtered out. Please let me
know if that fixed it.
- Brian
On Sat, Apr 02, 2016 at 02:07:20AM +0300, Marius Petrescu wrote:
Lately I have a lot of domain response traffic from
china, probably a dns amplification attack targeting the host 42.202.148.15.
The used address which gets that traffic is mainly 44.182.20.27. Other hosts of this
subnet also receive traffic via the ucsd tunnel (44.182.20.*, 44.182.230.*).
These addresses have no registered host name and thus should be dropped by the gateway,
but this is not happening.
Anyone knows an explanation or is it a gateway bug?
Marius, YO2LOJ
8:55 p.m.
Thank you Brian,
It seems to be fixed now.
Marius, YO2LOJ
-----Original Message-----
From: Brian Kantor
Sent: Saturday, April 02, 2016 03:23
To: AMPRNet working group
Subject: Re: [44net] UCSD gateway filters
(Please trim inclusions from previous messages)
_______________________________________________
I guess you could call it a bug; the gateway was running with
an old list of valid addresses. I've flushed and reloaded it
and that traffic should now be filtered out. Please let me
know if that fixed it.
- Brian
On Sat, Apr 02, 2016 at 02:07:20AM +0300, Marius Petrescu wrote:
Lately I have a lot of domain response traffic from
china, probably a dns
amplification attack targeting the host 42.202.148.15.
The used address which gets that traffic is mainly 44.182.20.27. Other
hosts of this subnet also receive traffic via the ucsd tunnel
(44.182.20.*, 44.182.230.*).
These addresses have no registered host name and thus should be dropped by
the gateway, but this is not happening.
Anyone knows an explanation or is it a gateway bug?
Marius, YO2LOJ
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
3155
days inactive
3156
days old
2 comments
2 participants
participants (2)
-
Brian Kantor -
Marius Petrescu