Community discussions

MikroTik App
 
ejansson
Member
Member
Topic Author
Posts: 301
Joined: Fri Oct 21, 2005 4:09 pm
Location: Manitoba, Canada

Strnge DNS Cache entries from China

Thu Mar 06, 2014 6:38 pm

Noticed that my dns cache has thousands of suspicious entries similar to qbshqxgbixqp.180.sf51.cn doing some web searches shows noting, but I have had the odd one show as Chinese dns server.

Is this a problem as I don't recall seeing this type of stuff before.
 
User avatar
c0d3rSh3ll
Long time Member
Long time Member
Posts: 558
Joined: Mon Jul 25, 2011 9:42 pm
Location: [admin@Chile] >

Re: Strnge DNS Cache entries from China

Thu Mar 06, 2014 8:31 pm

Protect your mikrotik dns from internet acces allowing only request from your lan

Sent from my mobile phone with Tapatalk
nothing
 
ejansson
Member
Member
Topic Author
Posts: 301
Joined: Fri Oct 21, 2005 4:09 pm
Location: Manitoba, Canada

Re: Strnge DNS Cache entries from China

Thu Mar 06, 2014 8:59 pm

I have blocked DNS (UDP 53) from the wan interface on the router but this does not appear to have any effect
 
DamionLiu
just joined
Posts: 1
Joined: Fri Mar 07, 2014 10:39 am

Re: Strnge DNS Cache entries from China

Fri Mar 07, 2014 10:43 am

As you know that the mobile phone signal jammer can cut off the signals of the mobile phones and soon make it impossible to make phone calls or send messages. In this way when you need the peaceful condition and want to stay in it, you can just use the best mobile phone jammer to help you achieve your goal. And now as the technology develops with high speed the advanced 4G jammer has come into the market and are well welcomed by the group of people who need the jammer mobile product.
 
latitude
just joined
Posts: 5
Joined: Fri Feb 28, 2014 11:50 am

Re: Strnge DNS Cache entries from China

Fri Mar 07, 2014 4:17 pm

We have seen the same (>100 strange DNS request per second) and added this rule to solve the problem

2 ;;; DNS Rule
chain=input action=drop protocol=udp src-address-list=!DNSserver
in-interface=Internet dst-port=53

The address list contains a few servers we tolerate requests from.
 
User avatar
joshaven
Member
Member
Posts: 439
Joined: Fri May 06, 2011 1:50 am
Location: USA
Contact:

Re: Strnge DNS Cache entries from China

Wed Mar 12, 2014 3:03 pm

I would say it is likely that your DNS has been being used in DNS amplification attacks. See this link for more info: https://www.us-cert.gov/ncas/alerts/TA13-088A


Sent from my iPhone using Tapatalk
Joshaven Potter
Consulting and Business Services Available http://joshaven.com

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], Majestic-12 [Bot], mseidler, travisms and 157 guests