On 2018-02-28 13:42, Denys Fedoryshchenko wrote:
> I want to add one software vendor who is a major contributor to DDoS
> attacks.
> Mikrotik is till now shipping their quite popular routers with a wide
> open DNS recursor that doesn't even have a mechanism for ACLs in it.
> A significant part of DNS amplification attacks are such Mikrotik
> recursors.
> They don't care till now.

I have mixed experiences with Mikrotik, but I don't think they would do
such a stupid thing. A friend of mine has three offices and each one has
a Mikrotik to form tunnels and one domain for all the company.
He is not too IP savvy, so he copy-pasted the VPN config from the
internet and left the rest as it was. His routers are not open DNS
resolvers.
When I asked them I got no reply and their logs showed:
_drop input: in:ether1 out:(unknown 0), src-mac 00:AB:CD:81:c2:71, proto
UDP, AAA.47.138.134:9082->BBB.146.251.103:53, len 51
His settings showed the DNS server ON with all the queries for the local
network and he actually had a toggle "allow remote queries" on, but his
routers were not open resolvers.
--
Grzegorz Janoszka
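
Added example, not part of the original message: a small audit over firewall log lines of the shape quoted above, separating WAN-side DNS queries that hit a drop rule from ones that were only logged. The sample lines, the documentation-range addresses, the `_log` prefix, the `bridge` interface name and the assumption that a drop rule's log prefix contains "drop" are all constructed for illustration.

```python
import re
from collections import Counter

# Shape of the log line quoted in the message:
# <prefix> <chain>: in:<if> out:<if>, src-mac <mac>, proto <P>, <src>:<sp>-><dst>:<dp>, len <n>
LOG_RE = re.compile(
    r"(?P<prefix>\S+) (?P<chain>\w+): in:(?P<in_if>\S+) out:(?P<out_if>[^,]+), "
    r"src-mac (?P<mac>[0-9A-Fa-f:]{17}), proto (?P<proto>\w+)(?: \([^)]*\))?, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), "
    r"len (?P<length>\d+)"
)

def parse(line):
    """Return the fields of one firewall log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    for key in ("sport", "dport", "length"):
        entry[key] = int(entry[key])
    return entry

def audit(lines, wan_if="ether1"):
    """Count DNS queries arriving on the WAN interface for the router itself.

    Returns (dropped, not_dropped) Counters keyed by source address.
    Assumption: a rule that drops traffic logs with a prefix containing "drop".
    """
    dropped, not_dropped = Counter(), Counter()
    for line in lines:
        e = parse(line)
        if not e or e["chain"] != "input" or e["in_if"] != wan_if:
            continue  # LAN-side or forwarded traffic is out of scope
        if e["dport"] != 53 or e["proto"] not in ("UDP", "TCP"):
            continue  # not a DNS query to the router
        bucket = dropped if "drop" in e["prefix"].lower() else not_dropped
        bucket[e["src"]] += 1
    return dropped, not_dropped

# Constructed sample log lines (not taken from any real router).
SAMPLE = [
    "_drop input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto UDP, 203.0.113.7:9082->198.51.100.10:53, len 51",
    "_drop input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto UDP, 203.0.113.7:4411->198.51.100.10:53, len 51",
    "_drop input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.9:50022->198.51.100.10:22, len 60",
    "_log input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto UDP, 192.0.2.44:5353->198.51.100.10:53, len 60",
    "_log input: in:bridge out:(unknown 0), src-mac 00:00:5e:00:53:02, proto UDP, 192.168.88.20:40000->192.168.88.1:53, len 58",
]

if __name__ == "__main__":
    dropped, not_dropped = audit(SAMPLE)
    print("dropped on WAN:", dict(dropped))
    print("reached the router without a drop prefix:", dict(not_dropped))
```

Any source that shows up in the second counter means a WAN-side query passed a logging rule without being dropped, which is the case to check when "allow remote queries" is enabled.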