Stopping DNS attack on low bandwidth interfaces (modems)

Hi,

I have a problem with a MikroTik router that has a 3G modem connected and gets a public IP.
Starting 2 days ago I noticed traffic coming in through that interface. I did a torch on the interface
and saw UDP DNS requests coming from... of course, China. I then added a rule in the firewall to filter
DNS requests since I don’t need this service. (Allow remote requests was already disabled.)
The problem is that these are UDP requests, so they keep coming even if I filter them (packets are dropped
in the firewall but this still uses bandwidth), and sometimes this kills my 3G connection.
Is there a way to prevent/stop this using RouterOS?

Thanks.

It would never have started if you’d blocked port 53 from the very beginning. Change the IP addresses by the modem if possible. Or wait till it stops, as you are not responding…

Well, changing the IP is not really a solution.
This is not such a big issue since this is used as a backup connection and the traffic
it uses is really small. I’ll wait for it to stop.

Set your DNS server manually, and disable the “allow remote request” option. It will help you!

Using a DNS cache locally speeds up the browsing for clients. It might be better to keep the remote requests enabled in many cases.

I don’t need DNS locally or otherwise. So it is blocked in the firewall and allow remote requests is off, like I said.
It is solved now. Thanks.

That’s good. Enjoy.
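
The two setups discussed in this thread (resolver closed entirely, or DNS cache kept for LAN clients only), written out as RouterOS commands. This is an added example, not a configuration posted by any participant; the interface names `ppp-out1` (3G modem) and `bridge` (LAN) are assumptions, and it assumes a RouterOS version that has the raw firewall table.

```routeros
# Added example. Assumed names: ppp-out1 = 3G modem interface, bridge = LAN.

# Option A: the router answers no DNS queries from anyone
# (the original poster's setup).
/ip dns set allow-remote-requests=no

# Drop DNS arriving on the modem interface in the raw table, i.e. before
# connection tracking, so each unwanted packet costs as little CPU as possible.
/ip firewall raw
add chain=prerouting in-interface=ppp-out1 protocol=udp dst-port=53 \
    action=drop comment="drop DNS from WAN (UDP)"
add chain=prerouting in-interface=ppp-out1 protocol=tcp dst-port=53 \
    action=drop comment="drop DNS from WAN (TCP)"

# Option B: keep the local DNS cache for LAN clients only.
# With allow-remote-requests=yes the resolver listens on every interface,
# so the WAN drop rules above are what keep it from being an open resolver.
# /ip dns set allow-remote-requests=yes
/ip firewall filter
add chain=input in-interface=bridge protocol=udp dst-port=53 \
    action=accept comment="DNS from LAN (UDP)"
add chain=input in-interface=bridge protocol=tcp dst-port=53 \
    action=accept comment="DNS from LAN (TCP)"
add chain=input in-interface=ppp-out1 protocol=udp dst-port=53 \
    action=drop comment="drop DNS from WAN (UDP), filter fallback"
add chain=input in-interface=ppp-out1 protocol=tcp dst-port=53 \
    action=drop comment="drop DNS from WAN (TCP), filter fallback"

# Check: the packet and byte counters on the drop rules show whether
# queries are still arriving on the modem interface.
/ip firewall raw print stats
/ip firewall filter print stats
```

New rules are appended to the end of each chain, so the drop rules must sit above any broader accept rule that would match the same traffic. As noted in the thread, dropping on the router does not stop the packets from crossing the 3G link; the counters only show when the senders have given up.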