DDoS DNS bot trying to find a live host for pushing responses.
add rule
input udp dest-port 53 interface=to internet drop in your firewall
Hate those little bastards, don't have anything else to do except do what
they're programmed to do.
On 10/08/2015 11:42 PM, That One Guy /sarcasm wrote:
So I'm at home, turning up a subnet on a MikroTik on the network. Mind
you this subnet hasn't been in use in 6 months. This is for some
servers so I create a default deny policy with logging. One of the IPs
is being hammered on port 53 udp per the packet sniffer. The IP isn't
live, it's just dropping because of the policy. It's not much bandwidth
but as best I can tell it's constant and different IPs.
Is the packet sniffer on these things similar to tcpdump? The manual
page didn't seem so. All I can guess is these are part of something
I'm not related to and since this IP hasn't been live in 6 months it's
spoofed or something and these are some sort of response packet to a
denial of service somewhere else.
But this subnet, not this particular IP, will house a couple DNS
servers, I just want to make sure there's no shenanigans going on
before I turn anything up.
Without being at the office to wireshark this from a switch, how do I
get more out of this MikroTik packet sniffer?
--
If you only see yourself as part of the team but you don't see your
team as part of yourself you have already failed as part of the team.
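
An added example, not part of the thread or written by either poster: once the UDP/53 payloads are out of a capture, the QR bit in the DNS header separates the two guesses made above, responses arriving unasked versus queries looking for a resolver. The function names, verdict labels and sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

def classify_dns_payload(payload: bytes) -> str:
    """Classify one UDP/53 payload from its DNS header (RFC 1035, 4.1.1)."""
    if len(payload) < 12:
        return "malformed"
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000:                 # QR bit set: this is a response
        return "response"
    if qdcount == 0:
        return "malformed"
    off = 12                           # walk the first question's labels
    while off < len(payload) and payload[off] != 0:
        if payload[off] & 0xC0:        # compression pointer: not expected here
            return "malformed"
        off += payload[off] + 1
    if off + 5 > len(payload):         # need root byte + QTYPE + QCLASS
        return "malformed"
    qtype = struct.unpack("!H", payload[off + 1:off + 3])[0]
    return "query-any" if qtype == 255 else "query"

def summarize(packets):
    """packets: iterable of (src_ip, payload) -> (Counter, verdict string)."""
    counts = Counter(classify_dns_payload(p) for _, p in packets)
    queries = counts["query"] + counts["query-any"]
    if counts["response"] > queries:
        verdict = "backscatter"        # answers to queries spoofed from this IP
    elif queries:
        verdict = "probing"            # senders looking for a resolver that answers
    else:
        verdict = "undetermined"
    return counts, verdict

def build(is_response: bool, qtype: int) -> bytes:
    """Build a constructed DNS message for example.com (sample data only)."""
    flags = 0x8180 if is_response else 0x0100
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!2H", qtype, 1)

# Constructed sample: documentation-range sources, not traffic from the thread.
SAMPLE = [("198.51.100.7", build(False, 255)), ("203.0.113.9", build(False, 1)),
          ("192.0.2.44", build(False, 255)), ("192.0.2.45", b"\x00\x01")]

if __name__ == "__main__":
    counts, verdict = summarize(SAMPLE)
    print(dict(counts), verdict)
```

A high share of "query-any" from many sources is worth noting before DNS servers go live on the subnet, since a resolver that answers those from the internet can be used as a reflector.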