akarpas
Member Candidate
Topic Author
Posts: 197
Joined: Tue Mar 20, 2018 4:46 pm

huge amount of TCP DNS queries from outside

Sat Mar 02, 2019 12:25 pm

We found that the router was compromised, so we cleaned it and properly secured it, but since then the router has been receiving a huge amount of packets coming from outside to DNS over TCP. Of course, as I have said, all this is secured and outside DNS queries are dropped. But all this traffic coming to my router is pissing me off. How do I fight this? Can I somehow redirect it, or do I have to call the ISP and ask to change the IP?
By the way, CPU is OK but memory is almost fully used.
 
BRMateus2
Frequent Visitor
Posts: 73
Joined: Thu Oct 26, 2017 11:18 pm

Re: huge amount of TCP DNS queries from outside

Sat Mar 02, 2019 3:50 pm

Your router might have been used in DNS amplification attacks.
The ISP should provide you a drop hole for the possible spoofed IP.
 
anav
Forum Guru
Posts: 22116
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: huge amount of TCP DNS queries from outside

Sat Mar 02, 2019 3:59 pm

Please define "cleaned it" and "secured it"? That response may be inadequate!
 
cdemers
Member Candidate
Posts: 224
Joined: Sun Feb 26, 2006 3:32 pm
Location: Canada

Re: huge amount of TCP DNS queries from outside

Sat Mar 02, 2019 4:31 pm

Would suggest export configuration, netinstall with latest firmware. And add back what you need from the old configuration. Default configuration is secure and a good point to start from.

I never trust a router that has been compromised even if it was just a password hack.

And good time to clean up the configuration of anything that is not needed.

 
anav
Forum Guru
Posts: 22116
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: huge amount of TCP DNS queries from outside

Sat Mar 02, 2019 4:47 pm

> Would suggest export configuration, netinstall with latest firmware. And add back what you need from the old configuration. Default configuration is secure and a good point to start from.
>
> I never trust a router that has been compromised even if it was just a password hack.
>
> And good time to clean up the configuration of anything that is not needed.

I disagree, I would start a new configuration (with latest firmware for netinstall) and not use anything from a compromised configuration.
 
cdemers
Member Candidate
Posts: 224
Joined: Sun Feb 26, 2006 3:32 pm
Location: Canada

Re: huge amount of TCP DNS queries from outside

Sun Mar 03, 2019 5:17 am


> > Would suggest export configuration, netinstall with latest firmware. And add back what you need from the old configuration. Default configuration is secure and a good point to start from.
> >
> > I never trust a router that has been compromised even if it was just a password hack.
> >
> > And good time to clean up the configuration of anything that is not needed.
>
> I disagree, I would start a new configuration (with latest firmware for netinstall) and not use anything from a compromised configuration.

That's what I just said. I didn't say import the whole old configuration, that would be pointless.
 
anav
Forum Guru
Posts: 22116
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: huge amount of TCP DNS queries from outside

Sun Mar 03, 2019 5:57 am

I see where you stated to start with the default configuration; the waters were muddied when you started by saying export configuration.
All is good! My apologies.
