My policy on this interface is default deny, so it is dropping them, but it's still going on to just the one IP out of the /28 subnet. I don't mind dropping them, it's not noticeable bandwidth, I just can't figure out why the traffic is focused there. I almost wonder if I was to stick a DNS server on that IP if it would increase

On Fri, Oct 9, 2015 at 8:08 AM, David <[email protected]> wrote:

> DDOSDNS bot trying to find a live host for pushing responses.
>
> add rule
> input udp dest-port 53 interface=to internet drop in your firewall
>
> hate those little bastards don't have anything else to do except do what
> they're programmed to do
>
> On 10/08/2015 11:42 PM, That One Guy /sarcasm wrote:
>
> So I'm at home, turning up a subnet on a mikrotik on the network. Mind you
> this subnet hasn't been in use in 6 months. This is for some servers so I
> create a default deny policy with logging. One of the IPs is being hammered
> on port 53 udp per the packet sniffer. The IP isn't live, it's just dropping
> because of the policy. It's not much bandwidth but as best I can tell it's
> constant and different IPs.
>
> Is the packet sniffer on these things similar to tcpdump, the manual page
> didn't seem so. All I can guess is these are part of something I'm not
> related to and since this IP hasn't been live in 6 months it's spoofed or
> something and these are some sort of response packet to a denial of service
> somewhere else.
> But this subnet, not this particular IP, will house a couple DNS servers,
> I just want to make sure there's no shenanigans going on before I turn
> anything up.
> Without being at the office to wireshark this from a switch, how do I get
> more out of this mikrotik packet sniffer?
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
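
The thread offers two explanations for the UDP/53 traffic: hosts looking for a live resolver, or response packets from an attack elsewhere. The DNS header's QR bit tells the two apart. The sketch below is an added example, not code from anyone in the thread; it assumes the UDP payloads have already been pulled out of a capture, and the sample packets and addresses are constructed.

```python
import struct
from collections import Counter

def parse_dns(payload: bytes):
    """Return (kind, qname, qtype) for a UDP/53 payload; kind is query/response/malformed."""
    if len(payload) < 12:
        return ("malformed", None, None)
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    kind = "response" if flags & 0x8000 else "query"   # QR bit: 0 = query, 1 = response
    if qdcount == 0:
        return (kind, None, None)
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return ("malformed", None, None)
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        # The first question name is not compressed; reject pointers and overruns.
        if length & 0xC0 or pos + length > len(payload):
            return ("malformed", None, None)
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return ("malformed", None, None)
    qtype, _qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return (kind, ".".join(labels) or ".", qtype)

def summarize(packets):
    """packets: iterable of (src_ip, udp_payload). Count kinds, distinct sources, ANY queries."""
    kinds, sources, any_queries = Counter(), set(), 0
    for src, payload in packets:
        kind, _name, qtype = parse_dns(payload)
        kinds[kind] += 1
        sources.add(src)
        if kind == "query" and qtype == 255:           # qtype 255 = ANY
            any_queries += 1
    return {"kinds": dict(kinds), "sources": len(sources), "any_queries": any_queries}

def _build(flags, name, qtype):
    """Constructed sample payload (not captured traffic)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + q + struct.pack("!2H", qtype, 1)

SAMPLE = [  # constructed; documentation address ranges
    ("192.0.2.10", _build(0x0100, "example.com", 255)),   # query, RD set, type ANY
    ("198.51.100.7", _build(0x0100, "example.org", 1)),   # query, type A
    ("203.0.113.5", _build(0x8180, "example.net", 1)),    # response (QR set)
    ("203.0.113.9", b"\x00\x01"),                         # truncated payload
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A capture dominated by queries from many sources fits the "looking for a live host" reading; a capture dominated by responses the IP never asked for fits the spoofed-source reading.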
