From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <maciej@soltysiak.com>
Received: from mail-oa0-f46.google.com (mail-oa0-f46.google.com
	[209.85.219.46]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id D6B1021F0BD
	for <cerowrt-devel@lists.bufferbloat.net>;
	Fri, 25 Jan 2013 10:01:41 -0800 (PST)
Received: by mail-oa0-f46.google.com with SMTP id h16so772218oag.19
	for <cerowrt-devel@lists.bufferbloat.net>;
	Fri, 25 Jan 2013 10:01:40 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20120113;
	h=mime-version:x-received:x-originating-ip:in-reply-to:references
	:date:message-id:subject:from:to:cc:content-type:x-gm-message-state;
	bh=kUBkIW7lH4XVCvCr+a9n8f/9LXsfQ7GsYuzAYGewuUo=;
	b=UGhk+2k9KyuaF5/lZaIJe12low1z4VnOYDrI7J6AzcW1usco8tSo3xW9fa8inIOJy7
	CBeXdM/pSSWnGknJjh/vrY1i5STwg6+0qldUsxJgFpqbZ2KzXCjIi03/Q4qd3YkE1TV2
	52Utz54Za0dZ7MOSjt1pH3xsrcGwodwA1VaRHLHqEC6R/8bPgxFVAm+UfncyNxhp+UqP
	wU3nOyOgnWA0cQp3jYw5N3+bnZJmmD53LrWXwfssOU96yfsQk4D8Qm2P1GSF31L00i71
	seyuTQHc339awXadoGM7UGppicNPc6NcPLAt2WKuDObMnpLCxXm2p6go5/gE5WMDHj/2
	vDvQ==
MIME-Version: 1.0
X-Received: by 10.60.3.193 with SMTP id e1mr5327503oee.39.1359136900394; Fri,
	25 Jan 2013 10:01:40 -0800 (PST)
Received: by 10.76.80.99 with HTTP; Fri, 25 Jan 2013 10:01:40 -0800 (PST)
X-Originating-IP: [77.65.47.165]
In-Reply-To: <5858.1359130931@sandelman.ca>
References: <5858.1359130931@sandelman.ca>
Date: Fri, 25 Jan 2013 19:01:40 +0100
Message-ID: <CAMZR1YBuT_5y9feJZuaP1v5now5YCb6V0KoPdkqRwdrWc9MCiQ@mail.gmail.com>
From: Maciej Soltysiak <maciej@soltysiak.com>
To: Michael Richardson <mcr@sandelman.ca>
Content-Type: multipart/alternative; boundary=e89a8ff2563e26301a04d420b84e
X-Gm-Message-State: ALoCoQkNFyDs4kW+SVOdBcMYGoWebX0U2WCI1u3S0fXjlKt0nUBDk7Ev4nUalZxGJSskCnZ4eMuG
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] arp for 0.0.0.0
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Fri, 25 Jan 2013 18:01:42 -0000

--e89a8ff2563e26301a04d420b84e
Content-Type: text/plain; charset=UTF-8

On 25 Jan 2013 17:23, "Michael Richardson" <mcr@sandelman.ca> wrote:

> It also seems that there is no control to keep dnsmasq from answering
> on my ge00.    I guess some trojans try to use me for DOS amplication by
> asking for isc.org continuously?
There is.

Although dnsmasq listens on 0.0.0.0:53 and :::53 it is not responding on
ge00.
Thanks to list notinterface       ge00 in /etc/config/dhcp

This means that port 53 is open, but DNS is not accessible from ge00, see:

solt@mkslnx004:~$ nmap -sV -p 53 A.B.C.D

Starting Nmap 5.21 ( http://nmap.org ) at 2013-01-25 18:55 CET
Nmap scan report for XXXXX (A.B.C.D)
Host is up (0.018s latency).
PORT   STATE SERVICE    VERSION
53/tcp open  tcpwrapped

Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds

solt@mkslnx004:~$ nslookup kernel.org A.B.C.D
;; connection timed out; no servers could be reached

If you want to close that down you could be drop all on ge00 by: iptables
-I zone_wan -j DROP

or just filter 53.

Regards,
Maciej

--e89a8ff2563e26301a04d420b84e
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr"><br>
On 25 Jan 2013 17:23, &quot;Michael Richardson&quot; &lt;<a href=3D"mailto:=
mcr@sandelman.ca" target=3D"_blank">mcr@sandelman.ca</a>&gt; wrote:</p>
<p dir=3D"ltr">&gt; It also seems that there is no control to keep dnsmasq =
from answering<br>
&gt; on my ge00. =C2=A0 =C2=A0I guess some trojans try to use me for DOS am=
plication by<br>
&gt; asking for <a href=3D"http://isc.org" target=3D"_blank">isc.org</a> co=
ntinuously?<br>
There is. <br></p><p dir=3D"ltr">Although dnsmasq listens on <a href=3D"htt=
p://0.0.0.0:53">0.0.0.0:53</a> and :::53 it is not responding on ge00.<br>T=
hanks to list notinterface=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ge00 in /etc=
/config/dhcp</p><p dir=3D"ltr">
This means that port 53 is open, but DNS is not accessible from ge00, see:<=
/p><p dir=3D"ltr">solt@mkslnx004:~$ nmap -sV -p 53 A.B.C.D<br><br>Starting =
Nmap 5.21 ( <a href=3D"http://nmap.org">http://nmap.org</a> ) at 2013-01-25=
 18:55 CET<br>
Nmap scan report for XXXXX (A.B.C.D)<br>Host is up (0.018s latency).<br>POR=
T=C2=A0=C2=A0 STATE SERVICE=C2=A0=C2=A0=C2=A0 VERSION<br>53/tcp open=C2=A0 =
tcpwrapped<br><br>Service detection performed. Please report any incorrect =
results at <a href=3D"http://nmap.org/submit/">http://nmap.org/submit/</a> =
.<br>
Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds<br></p><p dir=
=3D"ltr">solt@mkslnx004:~$ nslookup <a href=3D"http://kernel.org">kernel.or=
g</a> A.B.C.D<br>;; connection timed out; no servers could be reached<br><b=
r>
</p><p dir=3D"ltr">If you want to close that down you could be drop all on =
ge00 by: iptables -I zone_wan -j DROP</p><p dir=3D"ltr">or just filter 53.<=
/p><p dir=3D"ltr">Regards,<br>Maciej<br></p>

--e89a8ff2563e26301a04d420b84e--