A vulnerability discovered in ZeroShell makes it possible to carry out DNS amplification attacks.
The ZeroShell DNS server is initially configured to accept recursive queries from any IP.
The attacker sends a short recursive query to the DNS server with a spoofed source IP; the answer, which is much larger in size, is sent to the address of the victim. With a massive attack, the outbound channel is heavily loaded.
The solution is to ban recursive queries from external IPs.
Add this parameter under NETWORK -> DNS -> Options:
allow-recursion { localhost; 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };
This option enables recursive queries only from the private LAN subnets 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12.
If the router serves other subnets, add them.
–
Best regards, Dmitry [Meloun] Melnichenko.
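
A way to check the Options text for this setting, as an added example that is not part of the original post or of ZeroShell: it parses the `allow-recursion` list and reports every entry that would still allow recursion from outside the private ranges named above. The function name `audit_allow_recursion`, the treatment of loopback as internal, and the sample inputs are assumptions made for the example.

```python
import ipaddress
import re

# Ranges from the post's ACL plus loopback (assumption); anything else counts as external.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "127.0.0.0/8", "::1/128")]


def audit_allow_recursion(options_text):
    """Return findings (empty list = OK) for the allow-recursion ACL in BIND options text."""
    text = re.sub(r"/\*.*?\*/", "", options_text, flags=re.S)  # drop /* ... */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)                   # drop // and # comments
    match = re.search(r"allow-recursion\s*\{([^{}]*)\}\s*;", text)
    if match is None:
        return ["allow-recursion is not set"]
    findings = []
    for entry in (e.strip() for e in match.group(1).split(";")):
        if not entry or entry.startswith("!") or entry in ("localhost", "none"):
            continue  # empty slot, explicit deny, or server-local keyword
        if entry == "any":
            findings.append("any: recursion is open to every source address")
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Named ACLs and mistyped prefixes end up here.
            findings.append(f"{entry}: not an address or prefix, review by hand")
            continue
        if not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL):
            findings.append(f"{entry}: not inside a private or loopback range")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real router.
    samples = {
        "fixed": "allow-recursion { localhost; 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };",
        "open": "allow-recursion { any; };",
        "mixed": "allow-recursion { localhost; 192.168.1.0/24; 203.0.113.0/24; }; // lab",
        "typo": "allow-recursion { 192.168.0.0.16; };",
    }
    for name, text in samples.items():
        print(name, audit_allow_recursion(text) or "OK")
```

An empty result only means the ACL text is restrictive; confirming that the running server refuses recursion still requires a query from an external address.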