possible SYN flooding on tcp port 53

ToTheFull · October 23, 2024, 3:15pm

What is the best way to find what is doing this possible SYN flooding on tcp port 53
It happens now and then, started sometime last week. My firewall is blocking port 53 tcp/udp incoming. could this be from my LAN ?

mkx · October 23, 2024, 3:21pm

How do you figure it’s a syn flooding going on? (I’m not saying it doesn’t, just wondering what makes you think it is)

ToTheFull · October 23, 2024, 3:23pm

I’ve never seen that warning before last week, if it was I would expect there to be a lot more warnings, I don’t like things that don’t make any sense.

mkx · October 23, 2024, 3:27pm

Do are you saying you saw it in log? Or what?

ToTheFull · October 23, 2024, 3:29pm

Yes It’s popping up in the log every now and then, how do I find what might be causing it ?

mkx · October 23, 2024, 4:16pm

Try to add this rule somewhere to the top of rules (e.g. right below the “accept established,related” rule)

add chain=input action=log log-prefix="TCP 53" connection-state=new protocol=tcp dst-port=53

For a good measure, you can add a similar rule, but for chain=forward.

They should log any attempts and if the message you’re seeing includes a time stamp, you can use it to find any log entries with similar time stamp.

ToTheFull · October 23, 2024, 4:33pm

Thanks, will add that and see where it goes.

ToTheFull · October 23, 2024, 9:42pm

It’s an old android phone doing that from inside my network.

MC88 · February 14, 2025, 6:41pm

The same thing is happening on my router. This message appears in the log from time to time.
Does anyone have information on how to resolve it?

anav · February 14, 2025, 7:08pm

NO, the onus is ON you to provide information.

MC88 · February 14, 2025, 9:24pm

Thank you for your help and sympathy. You are simply trying to get help. But this is certainly not where I’m going to get it.

anav · February 14, 2025, 10:04pm

Great so you are adding lying to your repertoire of skill sets.
In the other thread I asked you to provide your config ( fact/evidence ) so that we may collectively attempt to sort out the issue.
Instead you come here spewing BS.

We are a patient bunch, still waiting for that config… still waiting to help.

MC88 · February 15, 2025, 3:38pm

If you look closely, you’ll realize that it wasn’t me that you asked for the information you mention.

anav · February 15, 2025, 5:52pm

Sorry you got caught in the cross-hairs, suggest if you have an issue start a new thread and provide some actual information.
/export file=anynameyouwish (minus router serial number, any public WANIP information, keys)