Page 1 of 1

dns connection issue

Posted: Thu Oct 10, 2013 12:22 pm
by baracudas
i use 2.9.27 version and i am recentrly facing some issues.
i see cpu 100% and when i run torch, one of my wan interfaces shows too many connections from 2 specific ips and different ports to local 53 port.

After i drop input of those 2 ips, in torch i see the same behaviour.
I have disabled remote dns requests but not fixed.

here is a screenshot of torch.

Re: dns connection issue

Posted: Thu Oct 10, 2013 2:02 pm
by Rudios
I think torch shows the packets because the are send to you.
It is regardless of what the firewall does with the received packages.
I assume you are being used as an DNS relay.
Post your ip firewall filter output so we can assist you in blocking unwanted traffic

Re: dns connection issue

Posted: Thu Oct 10, 2013 2:10 pm
by janisk
there is no reason to use such an old version. Update to newer.

Re: dns connection issue

Posted: Thu Oct 10, 2013 7:04 pm
by baracudas
I think torch shows the packets because the are send to you.
It is regardless of what the firewall does with the received packages.
I assume you are being used as an DNS relay.
Post your ip firewall filter output so we can assist you in blocking unwanted traffic
Here is ip firewall filter output.

Re: dns connection issue

Posted: Fri Oct 11, 2013 6:18 pm
by deejayq
had a similar experience
seemed some sort of a dos
just block the two ip's and you should be fine.

Re: dns connection issue

Posted: Sat Oct 12, 2013 1:38 pm
by baracudas
had a similar experience
seemed some sort of a dos
just block the two ip's and you should be fine.

It's odd but i i drop those ip's but the problem persist. Beside that, every day i have some other ip.attacking.