[Dnsmasq-discuss] Help in DNS amplification attack
ashutosh.chaturvedi.31 at gmail.com
Fri Jul 17 06:04:11 BST 2015
As per the link I shared, they mention
in step 3:
"To test the vulnerability, we will check your server for a DNS record it
should not have. If a result is returned, then the info was pulled by your
server from another DNS server and is open to this vulnerability."
Yes, as I checked the captured packets, it's like my WAN is sending some DNS query
out to the internet for 1and1.com and getting a result,
so on what basis should I reject this result?
On Thu, Jul 16, 2015 at 4:26 PM, @shuToSH Ch at tURveDI <
ashutosh.chaturvedi.31 at gmail.com> wrote:
> Is your dnsmasq the authoritative name server for a domain that you
> --> No, I am not managing any domain, just using dnsmasq for DNS queries and
> forwarding it to the LAN client, whoever
> is requesting. I got to know my dnsmasq is vulnerable to DNS amplification
> attacks; if the attack uses spoofing, I prevent this anyhow
> if it is internet or external network spoofing, but I am not sure about this 1and1
> If not, then you don't need it to be reachable from outside the LAN,
> and if you configure it to not be reachable from outside the LAN, then
> it cannot be used for DNS amplification attacks.
> --> As I know, my dnsmasq listens only on the LAN; it won't accept any query
> from outside the LAN,
> Thanks for your time :)
> On Thu, Jul 16, 2015 at 4:04 PM, Albert ARIBAUD <albert.aribaud at free.fr>
>> Hi again AS,
>> On Thu, 16 Jul 2015 15:39:56 +0530, "@shuToSH Ch at tURveDI"
>> <ashutosh.chaturvedi.31 at gmail.com> wrote:
>> > No,
>> > I am using a router; from the LAN I am sending a query like (nslookup 1and1.com
>> > of LAN),
>> > and dnsmasq is listening on LAN, and WAN is Internet reachable.
>> > I am also not sure whether this is an issue or not.
>> Is your dnsmasq the authoritative name server for a domain that you
>> If not, then you don't need it to be reachable from outside the LAN,
>> and if you configure it to not be reachable from outside the LAN, then
>> it cannot be used for DNS amplification attacks.
>> > Thanks,
>> > AS