EFW Support

Support => General Support => Topic started by: phqr58 on Friday 02 October 2015, 02:29:15 am

Title: DNS external attacks
Post by: phqr58 on Friday 02 October 2015, 02:29:15 am
I've been testing against external attacks. No meeting as blocking DNS attack.

The following link shows that vulnerable ENDIAN


Title: Re: DNS external attacks
Post by: christophel77 on Tuesday 10 November 2015, 09:23:46 pm

try this command

iptables -A INPUT -p udp --dport 53 -m u32 --u32 "0x28=0x0000ff00"

iptables -A INPUT -p udp --dport 53 -m u32 --u32 "0x28=0x03697363 && 0x2c=0x036f7267"

iptables -A INPUT -p udp --dport 53 -m u32 --u32 "0x28=0x02646b00"
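
What the three u32 tests in the post above match, as an added example that is not part of the original post: offset 0x28 (40) is 20 bytes of IPv4 header without options plus 8 of UDP plus 12 of DNS header, so the test reads the start of the DNS question section. The packets are constructed samples, and the rule labels and function names are this example's own.

```python
import struct

# u32 tests copied from the post: byte offset from the start of the IP header -> value
RULES = {
    "root ANY": {0x28: 0x0000FF00},
    "isc.org": {0x28: 0x03697363, 0x2C: 0x036F7267},
    "dk": {0x28: 0x02646B00},
}

def encode_qname(name):
    """Encode a domain name as DNS labels; "." is the root (a single zero byte)."""
    labels = [label for label in name.split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1):
    """Constructed IPv4 + UDP + DNS query (checksums left at zero, not for sending)."""
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)   # 12-byte header, RD set
    dns += encode_qname(name) + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))  # doc addresses
    return ip + udp

def u32_at(packet, offset):
    """The value a u32 test reads: 4 bytes, big-endian, or None past the packet end."""
    if offset + 4 > len(packet):
        return None
    return struct.unpack_from("!I", packet, offset)[0]

def matching_rules(packet):
    """Labels of the rules whose every offset=value test holds for this packet."""
    return [label for label, tests in RULES.items()
            if all(u32_at(packet, off) == val for off, val in tests.items())]

def describe(value):
    """The four bytes a test value stands for, e.g. a length byte plus label text."""
    return struct.pack("!I", value)

if __name__ == "__main__":
    for label, tests in RULES.items():
        print(label, [describe(v) for v in tests.values()])
    for name, qtype in [(".", 255), ("isc.org", 255), ("dk", 255), ("example.org", 1)]:
        print(name, qtype, matching_rules(build_query(name, qtype)))
```

As posted, the rules have no `-j` target, so iptables only counts the packets they match; a target such as `-j DROP` is needed for them to block anything.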

Title: Re: DNS external attacks
Post by: mmiat on Tuesday 10 November 2015, 11:10:03 pm
Sorry, but I've not understood.
If I check an IP from a network that uses Endian and it detects a vulnerability, does this mean that my Endian is vulnerable?

Title: Re: DNS external attacks
Post by: Timmeh on Sunday 22 November 2015, 12:58:04 am
I think this test only checks if the DNS server allows recursive queries, therefore enabling DNS amplification...

Not vulnerable, just open to abuse.