Securifi Community Forum

Securifi Products => Almond+ => Topic started by: francehopper on November 26, 2014, 01:54:57 pm

Title: Almond+ Suspected of DDOS Attack
Post by: francehopper on November 26, 2014, 01:54:57 pm
So I woke up this morning to this email from our central IT department at my university (edited for their spelling mistakes):
"Your device is exposing a recursive DNS resolver and an SSDP service to the internet which is being leveraged in a DDOS attack."

They've already isolated its network jack since the email came in an hour ago. I'm away for the holiday but will have to deal with this on Sunday now. Any suggestions? Personally, I'm inclined to say they're bullshitting to get revenge for complaining about the internet outage we had yesterday and calling them out for never logging a downtime incident for it.
Title: Re: Almond+ Suspected of DDOS Attack
Post by: jjoepaulines on November 26, 2014, 07:33:12 pm
As I remember, you turned off your firewall, right? ...

REF : http://forum.securifi.com/index.php/topic,1501.msg7380.html#msg7380
Title: Re: Almond+ Suspected of DDOS Attack
Post by: francehopper on November 26, 2014, 07:35:29 pm
With the constant brute force attempts and port scans that were coming in as a result, it's been back on for a while now.
Title: Re: Almond+ Suspected of DDOS Attack
Post by: jjoepaulines on November 26, 2014, 09:46:28 pm
You got this alert because port 53, which belongs to Dnsmasq, has been exposed on the WAN side.

Please share the config file of your Almond+ via PM at joe.john@securifi.com so we can analyse your problem.
Title: Re: Almond+ Suspected of DDOS Attack
Post by: francehopper on November 26, 2014, 09:52:46 pm
You got this alert because port 53, which belongs to Dnsmasq, has been exposed on the WAN side.

Please share the config file of your Almond+ via PM at joe.john@securifi.com so we can analyse your problem.

I'll have to send it Sunday when I'm back from my holiday break.
Title: Re: Almond+ Suspected of DDOS Attack
Post by: chevyman142000 on November 28, 2014, 11:06:26 am
I got a similar email from my ISP about a month or so ago for the same reasons. I resolved it by not allowing the router to respond on the WAN interface. The only downside to this is that I cannot get to the web interface from outside of my home network.
Title: Re: Almond+ Suspected of DDOS Attack
Post by: francehopper on November 28, 2014, 11:49:26 am
I got a similar email from my ISP about a month or so ago for the same reasons. I resolved it by not allowing the router to respond on the WAN interface. The only downside to this is that I cannot get to the web interface from outside of my home network.

I'll have to look into that.

EDIT: @Joe: I've sent you an email with my settings.
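A way to verify the fix chevyman142000 describes, as an added example that is not from this thread or from Securifi: it sends one recursive DNS query to port 53 and one SSDP M-SEARCH to port 1900 of an address you own (your router's WAN IP, tested from outside the LAN) and reports whether either service still answers. The query name, transaction id and timeout are assumptions; a correctly configured router returns None for both checks.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id so a reply can be matched to our probe

def build_query(name: str) -> bytes:
    """DNS A query with RD (recursion desired) set, as a stub resolver sends it."""
    header = struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN

def parse_header(resp: bytes) -> dict:
    """Decode the 12-byte DNS header fields that decide the verdict."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000),
            "ra": bool(flags & 0x0080),  # RA bit: recursion available
            "rcode": flags & 0x000F,     # 0 = NOERROR, 5 = REFUSED
            "ancount": an}

def is_open_resolver(resp: bytes) -> bool:
    """True if the server advertised recursion and answered for a name it does not own."""
    h = parse_header(resp)
    return bool(h["qr"] and h["txid"] == TXID and h["ra"] and h["rcode"] == 0 and h["ancount"] > 0)

MSEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           b"MAN: \"ssdp:discover\"\r\nMX: 1\r\nST: ssdp:all\r\n\r\n")

def is_ssdp_reply(data: bytes) -> bool:
    """A unicast 200 OK carrying an ST header means the UPnP stack answered on WAN."""
    head = data.split(b"\r\n\r\n", 1)[0].upper()
    return head.startswith(b"HTTP/1.1 200") and b"\r\nST:" in head

def probe(addr: str, port: int, payload: bytes, timeout: float = 3.0) -> "bytes | None":
    """Send one UDP datagram and return the reply, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (addr, port))
        try:
            return s.recvfrom(2048)[0]
        except socket.timeout:
            return None

def check_wan(addr: str) -> dict:
    """Run both checks against your own WAN address; None means no reply, the state you want."""
    dns = probe(addr, 53, build_query("example.com"))
    ssdp = probe(addr, 1900, MSEARCH)
    return {"open_dns_resolver": None if dns is None else is_open_resolver(dns),
            "ssdp_on_wan": None if ssdp is None else is_ssdp_reply(ssdp)}
```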