* [Cerowrt-devel] arp for 0.0.0.0
@ 2013-01-25 16:22 Michael Richardson
2013-01-25 18:01 ` Maciej Soltysiak
0 siblings, 1 reply; 2+ messages in thread
From: Michael Richardson @ 2013-01-25 16:22 UTC (permalink / raw)
To: cerowrt-devel
So, I was tcpdump'ing on my ge00 to try and see where my bandwidth had
gone, and if there was some unresolved bloat. I can tell because I
stream my music from my home to my office, and it will skip if my home
is screwed up.
I was seeing all sorts of arp requests... basically for everything on
the Internet. Weirdly, my ISP seems to proxy-arp for
EVERYTHING.... what was wrong? why was I doing this. I've seen this
on windows boxes when they have a network route pointing 0.0.0.0/0
to the "LAN".... but I don't have that:
root@bud:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
0.0.0.0 209.87.254.158 0.0.0.0 UG 0 0 0 ge00
oops, wait... did I type my gateway wrong??? yes. I've pointed my
gateway at myself. DAMN. that shouldn't have worked at all!!!
I'm just posting this as a huh.
It also seems that there is no control to keep dnsmasq from answering
on my ge00. I guess some trojans try to use me for DOS amplication by
asking for isc.org continuously?
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Cerowrt-devel] arp for 0.0.0.0
2013-01-25 16:22 [Cerowrt-devel] arp for 0.0.0.0 Michael Richardson
@ 2013-01-25 18:01 ` Maciej Soltysiak
0 siblings, 0 replies; 2+ messages in thread
From: Maciej Soltysiak @ 2013-01-25 18:01 UTC (permalink / raw)
To: Michael Richardson; +Cc: cerowrt-devel
[-- Attachment #1: Type: text/plain, Size: 1092 bytes --]
On 25 Jan 2013 17:23, "Michael Richardson" <mcr@sandelman.ca> wrote:
> It also seems that there is no control to keep dnsmasq from answering
> on my ge00. I guess some trojans try to use me for DOS amplication by
> asking for isc.org continuously?
There is.
Although dnsmasq listens on 0.0.0.0:53 and :::53 it is not responding on
ge00.
Thanks to list notinterface ge00 in /etc/config/dhcp
This means that port 53 is open, but DNS is not accessible from ge00, see:
solt@mkslnx004:~$ nmap -sV -p 53 A.B.C.D
Starting Nmap 5.21 ( http://nmap.org ) at 2013-01-25 18:55 CET
Nmap scan report for XXXXX (A.B.C.D)
Host is up (0.018s latency).
PORT STATE SERVICE VERSION
53/tcp open tcpwrapped
Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds
solt@mkslnx004:~$ nslookup kernel.org A.B.C.D
;; connection timed out; no servers could be reached
If you want to close that down you could be drop all on ge00 by: iptables
-I zone_wan -j DROP
or just filter 53.
Regards,
Maciej
[-- Attachment #2: Type: text/html, Size: 1588 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-01-25 18:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-01-25 16:22 [Cerowrt-devel] arp for 0.0.0.0 Michael Richardson
2013-01-25 18:01 ` Maciej Soltysiak
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox