Author Topic: Almond+ Suspected of DDOS Attack  (Read 4697 times)

Offline francehopper

  • Backer
  • *
  • Posts: 33
  • Thanks: 0
  • Registered : 19/08/2014
Almond+ Suspected of DDOS Attack
« on: November 26, 2014, 01:54:57 pm »
So I woke up this morning to this email from our central IT department at my university (edited for their spelling mistakes):
"Your device is exposing a recursive DNS resolver and an SSDP service to the internet which is being leveraged in a DDOS attack."

They've already isolated its network jack since the email came in an hour ago. I'm away for the holiday but will have to deal with this on Sunday now. Any suggestions? Personally, I'm inclined to say they're bullshitting to get revenge for complaining about the internet outage we had yesterday and calling them out for never logging a downtime incident for it.

jjoepaulines

  • Guest
Re: Almond+ Suspected of DDOS Attack
« Reply #1 on: November 26, 2014, 07:33:12 pm »
As I remember, you turned off your firewall, right? ....

REF : http://forum.securifi.com/index.php/topic,1501.msg7380.html#msg7380

francehopper

Re: Almond+ Suspected of DDOS Attack
« Reply #2 on: November 26, 2014, 07:35:29 pm »
With the constant brute force attempts and port scans that were coming in as a result, it's been back on for a while now.

jjoepaulines

  • Guest
Re: Almond+ Suspected of DDOS Attack
« Reply #3 on: November 26, 2014, 09:46:28 pm »
You got this alert because of port 53, which belongs to Dnsmasq, being exposed to the WAN side.

Please share the config file of your Almond+ via PM @joe.john@securifi.com to analyse your problem.

francehopper

Re: Almond+ Suspected of DDOS Attack
« Reply #4 on: November 26, 2014, 09:52:46 pm »
"You got this alert because of port 53, which belongs to Dnsmasq, being exposed to the WAN side.

Please share the config file of your Almond+ via PM @joe.john@securifi.com to analyse your problem."

I'll have to send it Sunday when I'm back from my holiday break.

Offline chevyman142000

  • Backer
  • *
  • Posts: 105
  • Thanks: 0
  • Registered : 02/08/2013
Re: Almond+ Suspected of DDOS Attack
« Reply #5 on: November 28, 2014, 11:06:26 am »
I have gotten a similar email from my ISP about a month or so ago for the same reasons. I resolved it by not allowing the router to respond on the WAN interface. The only downside to this is that I cannot get to the web interface from outside of my home network.

francehopper

Re: Almond+ Suspected of DDOS Attack
« Reply #6 on: November 28, 2014, 11:49:26 am »
"I have gotten a similar email from my ISP about a month or so ago for the same reasons. I resolved it by not allowing the router to respond on the WAN interface. The only downside to this is that I cannot get to the web interface from outside of my home network."

I'll have to look into that.

EDIT: @Joe: I've sent you an email with my settings.
« Last Edit: November 30, 2014, 03:30:17 pm by francehopper »
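
A self-check for the exposure that the university's notice and reply #3 describe, as an added example that is not part of the original thread: run from a host outside your network against your own router's WAN address, it sends one recursive query to UDP/53 and reads the RA flag and RCODE of any reply. The function names, result labels and sample bytes are assumptions made for illustration, and it covers only the DNS half of the notice, not SSDP.

```python
import secrets, socket, struct, sys

QR, RD, RA = 0x8000, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)

# Constructed 12-byte response headers (ID 0x1234), not captured traffic:
SAMPLE_OPEN = bytes.fromhex("1234 8180 0001 0001 0000 0000")     # RA set, NOERROR
SAMPLE_REFUSED = bytes.fromhex("1234 8105 0001 0000 0000 0000")  # RA clear, REFUSED

def build_query(name, txid):
    """A/IN query for `name` with RD set, i.e. 'please recurse for me'."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def classify_response(data, txid):
    """Decide from the DNS header whether the responder recursed for a stranger."""
    if len(data) < 12:
        return "INVALID"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & QR:
        return "INVALID"            # wrong transaction ID, or not a response
    rcode = flags & 0x000F
    if flags & RA and rcode in (0, 3):
        return "OPEN_RECURSIVE"     # RA + NOERROR/NXDOMAIN: it did the lookup
    return "NO_RECURSION"           # e.g. REFUSED: port reachable, recursion denied

def probe(wan_ip, name="example.com", timeout=3.0):
    """Send one query to UDP/53 on your own WAN address from outside the LAN."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (wan_ip, 53))
        try:
            data, _ = s.recvfrom(4096)
        except OSError:             # timeout or ICMP unreachable
            return "NO_RESPONSE"    # filtered on the WAN side: the desired result
    return classify_response(data, txid)

if __name__ == "__main__":
    print(probe(sys.argv[1]))       # argument: your own WAN IP address
```

After closing the WAN side as in reply #5, the expected result is `NO_RESPONSE`; `NO_RECURSION` means port 53 is still reachable from outside even though recursion is refused.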
