Development issues regarding the cerowrt test router project
* [Cerowrt-devel] arp for 0.0.0.0
From: Michael Richardson @ 2013-01-25 16:22 UTC
  To: cerowrt-devel


So, I was tcpdump'ing on my ge00 to try and see where my bandwidth had
gone, and if there was some unresolved bloat.  I can tell because I
stream my music from my home to my office, and it will skip if my home
is screwed up.

I was seeing all sorts of arp requests... basically for everything on
the Internet.   Weirdly, my ISP seems to proxy-arp for
EVERYTHING.... What was wrong?   Why was I doing this?  I've seen this
on Windows boxes when they have a network route pointing 0.0.0.0/0
to the "LAN".... but I don't have that:

root@bud:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
0.0.0.0         209.87.254.158  0.0.0.0         UG        0 0     0   ge00

Oops, wait... did I type my gateway wrong??? Yes. I've pointed my
gateway at myself. DAMN.  That shouldn't have worked at all!!!

I'm just posting this as a huh.
It also seems that there is no control to keep dnsmasq from answering
on my ge00.    I guess some trojans try to use me for DOS amplification by
asking for isc.org continuously?





* Re: [Cerowrt-devel] arp for 0.0.0.0
From: Maciej Soltysiak @ 2013-01-25 18:01 UTC
  To: Michael Richardson; +Cc: cerowrt-devel

On 25 Jan 2013 17:23, "Michael Richardson" <mcr@sandelman.ca> wrote:

> It also seems that there is no control to keep dnsmasq from answering
> on my ge00.    I guess some trojans try to use me for DOS amplification by
> asking for isc.org continuously?
There is.

Although dnsmasq listens on 0.0.0.0:53 and :::53, it is not responding on
ge00, thanks to "list notinterface ge00" in /etc/config/dhcp.

This means that port 53 is open, but DNS is not accessible from ge00, see:

solt@mkslnx004:~$ nmap -sV -p 53 A.B.C.D

Starting Nmap 5.21 ( http://nmap.org ) at 2013-01-25 18:55 CET
Nmap scan report for XXXXX (A.B.C.D)
Host is up (0.018s latency).
PORT   STATE SERVICE    VERSION
53/tcp open  tcpwrapped

Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds

solt@mkslnx004:~$ nslookup kernel.org A.B.C.D
;; connection timed out; no servers could be reached

If you want to close that down, you could drop all on ge00 by:
iptables -I zone_wan -j DROP

or just filter 53.

Regards,
Maciej
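
Added example, not part of the original thread: the nmap result above only shows that TCP port 53 accepts connections, so this sketch sends one real UDP query and separates "silent" (the nslookup timeout in the reply) from "refused" and "answers", which is the distinction that matters for an open resolver. The function names, verdict labels and the default query name are assumptions of this example; it is IPv4/UDP only and is meant to be run from an outside host against your own router's WAN address.

```python
import socket
import struct
import sys

TXID = 0x1234  # fixed transaction id, fine for a one-shot check

def build_query(name, txid=TXID):
    """Minimal DNS query for name, type A, class IN, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(reply, txid=TXID):
    """Turn a raw UDP reply (None means timeout) into a verdict string."""
    if reply is None:
        return "silent"      # matches the nslookup timeout in the post
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        return "malformed"   # wrong id, or QR bit says it is not a response
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"     # reachable, but policy denies this client
    if rcode == 0 and ancount > 0:
        return "answers"     # resolver is usable from where you probed
    return "rcode-%d" % rcode

def probe(host, name="example.com", timeout=3.0):
    """Send one query to host:53/udp (IPv4) and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, 53))   # connected socket so ICMP errors surface
            s.send(build_query(name))
            return classify(s.recv(4096))
        except socket.timeout:
            return classify(None)
        except ConnectionRefusedError:
            return "closed"         # ICMP port unreachable came back

if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

With the notinterface setting described in the reply, the expected verdict from the WAN side is "silent"; "answers" would mean the resolver is usable from outside.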
