 
andrei
newbie
Topic Author
Posts: 27
Joined: Wed Oct 29, 2014 9:53 am

Stopping DNS attack on low bandwidth interfaces(modems)

Thu Aug 27, 2015 10:42 pm

Hi,

I have a problem with a MikroTik router that has a 3G modem connected and gets a public IP.
Starting 2 days ago I noticed traffic coming in through that interface. I did a torch on the interface
and saw UDP DNS requests coming from... of course, China. I then added a rule in the firewall to filter
DNS requests since I don't need this service (allow remote requests was already disabled).
The problem is that these are UDP requests, so they keep coming even if I filter them (packets are dropped
in the firewall but this still uses bandwidth), and sometimes this kills my 3G connection.
Is there a way to prevent/stop this using RouterOS?

Thanks.
 
jarda
Forum Guru
Posts: 7603
Joined: Mon Oct 22, 2012 4:46 pm

Fri Aug 28, 2015 10:44 am

It would never have started if you'd blocked port 53 from the very beginning. Change the IP address on the modem if possible. Or wait till it stops, as you are not responding...
 
andrei
newbie
Topic Author
Posts: 27
Joined: Wed Oct 29, 2014 9:53 am

Re: Stopping DNS attack on low bandwidth interfaces(modems)

Fri Aug 28, 2015 10:55 am

Well, changing the IP is not really a solution.
This is not such a big issue since this is used as a backup connection and the traffic
it uses is really small. I'll wait for it to stop.
 
juanguma
just joined
Posts: 5
Joined: Wed Oct 22, 2008 2:06 am

Re: Stopping DNS attack on low bandwidth interfaces(modems)

Fri Aug 28, 2015 4:11 pm

Set your DNS server manually, and disable the "allow remote request" option. It will help you!
 
jarda
Forum Guru
Posts: 7603
Joined: Mon Oct 22, 2012 4:46 pm

Sat Aug 29, 2015 3:02 pm

Using the DNS cache locally speeds up browsing for clients. It might be better to keep remote requests enabled in many cases.
 
andrei
newbie
Topic Author
Posts: 27
Joined: Wed Oct 29, 2014 9:53 am

Re: Stopping DNS attack on low bandwidth interfaces(modems)

Sat Aug 29, 2015 4:53 pm

I don't need DNS locally or otherwise. So it is blocked in the firewall and allow remote requests is off, like I said.
It is solved now. Thanks.
 
jarda
Forum Guru
Posts: 7603
Joined: Mon Oct 22, 2012 4:46 pm

Sat Aug 29, 2015 6:52 pm

That's good. Enjoy.
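
The setup the thread converges on (remote requests off, port 53 dropped on the modem interface), written out as RouterOS commands. This is an added example, not configuration posted by any participant; the interface name `ppp-out1` is an assumption for the 3G modem's interface and must be replaced with the real one.

```routeros
# Added example. "ppp-out1" is an assumed interface name for the 3G modem.

# The router stops answering DNS queries from other hosts.
# Leave this at "yes" only if LAN clients use the router as a DNS cache;
# the drop rules below then become the only thing protecting the WAN side.
/ip dns set allow-remote-requests=no

# Drop DNS queries arriving on the modem interface, UDP and TCP.
# Matching on dst-port=53 leaves replies to the router's own outbound
# lookups alone, since those arrive with source port 53.
/ip firewall filter
add chain=input in-interface=ppp-out1 protocol=udp dst-port=53 action=drop comment="drop inbound DNS on 3G (udp)"
add chain=input in-interface=ppp-out1 protocol=tcp dst-port=53 action=drop comment="drop inbound DNS on 3G (tcp)"

# The rules must sit above any accept rule in the input chain that would
# match the same packets. Check order and hit counters with:
/ip firewall filter print stats
```

As noted in the first post, the drop happens after the packets have already crossed the 3G link, so these rules stop the router from responding but do not reduce the inbound bandwidth used.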
