ZeroShell DNS Amplification attack protect

Forums Network Management ZeroShell ZeroShell DNS Amplification attack protect

  • This topic is empty.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • July 15, 2013 at 12:00 pm #43691
    meloun
    Member

    Discovered a vulnerability in ZeroShell makes it possible to carry out attacks DNS Amplification.

    DNS server ZeroShell initially configured to accept recursive queries from any IP.
    The attacker sends a recursive query to the short DNS server with spoofed source IP, the answer is much larger in size are sent to the address of the victim. With a massive attack heavily loaded outbound channel.

    The solution – a ban recursive queries from external IP.
    Add to the NETWORK -> DNS -> Options parameter:

    allow-recursion { localhost; 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };

    This option enables recursive queries only from private LAN subnets 192.168.0.0.16, 10.0.0.0 / 8, 172.16.0.0/12.
    If the router serves other subnets, add them.


    Best regards, Dmitry [Meloun] Melnichenko.

    July 20, 2013 at 12:25 pm #52792
    imported_fulvio
    Participant

    Hi,
    the new release 2.0.RC3 solve sthe issue.

    Regards
    Fulvio

    September 7, 2013 at 9:34 pm #52793
    micampo
    Member

    can you please illustrate some vulnerability?

    September 27, 2013 at 9:07 am #52794
    meloun
    Member

    @micampo wrote:

    can you please illustrate some vulnerability?

    example illustrating http://www.youtube.com/watch?v=xTKjHWkDwP0

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.