Page 1 of 1

Strnge DNS Cache entries from China

Posted: Thu Mar 06, 2014 6:38 pm
by ejansson
Noticed that my dns cache has thousands of suspicious entries similar to qbshqxgbixqp.180.sf51.cn doing some web searches shows noting, but I have had the odd one show as Chinese dns server.

Is this a problem as I don't recall seeing this type of stuff before.

Re: Strnge DNS Cache entries from China

Posted: Thu Mar 06, 2014 8:31 pm
by c0d3rSh3ll
Protect your mikrotik dns from internet acces allowing only request from your lan

Sent from my mobile phone with Tapatalk

Re: Strnge DNS Cache entries from China

Posted: Thu Mar 06, 2014 8:59 pm
by ejansson
I have blocked DNS (UDP 53) from the wan interface on the router but this does not appear to have any effect

Re: Strnge DNS Cache entries from China

Posted: Fri Mar 07, 2014 10:43 am
by DamionLiu
As you know that the mobile phone signal jammer can cut off the signals of the mobile phones and soon make it impossible to make phone calls or send messages. In this way when you need the peaceful condition and want to stay in it, you can just use the best mobile phone jammer to help you achieve your goal. And now as the technology develops with high speed the advanced 4G jammer has come into the market and are well welcomed by the group of people who need the jammer mobile product.

Re: Strnge DNS Cache entries from China

Posted: Fri Mar 07, 2014 4:17 pm
by latitude
We have seen the same (>100 strange DNS request per second) and added this rule to solve the problem

2 ;;; DNS Rule
chain=input action=drop protocol=udp src-address-list=!DNSserver
in-interface=Internet dst-port=53

The address list contains a few servers we tolerate requests from.

Re: Strnge DNS Cache entries from China

Posted: Wed Mar 12, 2014 3:03 pm
by joshaven
I would say it is likely that your DNS has been being used in DNS amplification attacks. See this link for more info: https://www.us-cert.gov/ncas/alerts/TA13-088A


Sent from my iPhone using Tapatalk