[Dnsmasq-discuss] Help in DNS amplification attack

@shuToSH Ch@tURveDI ashutosh.chaturvedi.31 at gmail.com
Fri Jul 17 06:04:11 BST 2015


as per link i shared they mention


in step 3
"To test the vulnerability, we will check your server for a DNS record it
should not have. If a result is returned, then the info was pulled by your
server from another DNS server and is open to this vulnerability."

yes as i checked capture packet its like my WAN sending some dns query to
out internet for 1and1.com and getting result,
so on what bases i should reject this result.


Thanks,
AS


On Thu, Jul 16, 2015 at 4:26 PM, @shuToSH Ch at tURveDI <
ashutosh.chaturvedi.31 at gmail.com> wrote:

>
> Is your dnsmasq the autoritative name server for a domain that you
> manage?
> --> no i am not managing any domin,just using dnsmasq for dns query and
> forward it to LAN client, whoever
> is requested, i got to know my dnsmasq vulnerable for DNS amplification
> attacks, if attack using spoof, i prevent this anyhow
> if internet or external network spoofing but not sure about this 1and1
> attack.
>
> If not, then you don't need it to be reachable from outside the LAN,
> and if you configure it to not be reachable from outside the LAN, then
> it cannot be used for DNS amplification attacks.
> --> as i know my dnsmasq listen only to LAN if wont accept any query
> outside the LAN,
>
> Thanks for your time :)
>
>
> On Thu, Jul 16, 2015 at 4:04 PM, Albert ARIBAUD <albert.aribaud at free.fr>
> wrote:
>
>> Hi again AS,
>>
>> Le Thu, 16 Jul 2015 15:39:56 +0530, "@shuToSH Ch at tURveDI"
>> <ashutosh.chaturvedi.31 at gmail.com> a écrit :
>>
>> > NO,
>> >
>> > i am using router from LAN i am sending query like (nslookup 1and1.com
>> IP
>> > of LAN),
>> > and dnsmasq listening on LAN, and WAN Internet reachable.
>> >
>> > i am also not sure this is issue or not.
>>
>> Is your dnsmasq the autoritative name server for a domain that you
>> manage?
>>
>> If not, then you don't need it to be reachable from outside the LAN,
>> and if you configure it to not be reachable from outside the LAN, then
>> it cannot be used for DNS amplification attacks.
>>
>> > Thanks,
>> > AS
>>
>> Amicalement,
>> --
>> Albert.
>>
>
>
>
> --
>
> * <http://www.teamf1.com>*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20150717/309c6c47/attachment.html>


More information about the Dnsmasq-discuss mailing list