[Cerowrt-devel] arp for 0.0.0.0
maciej at soltysiak.com
Fri Jan 25 13:01:40 EST 2013
On 25 Jan 2013 17:23, "Michael Richardson" <mcr at sandelman.ca> wrote:
> It also seems that there is no control to keep dnsmasq from answering
> on my ge00. I guess some trojans try to use me for DOS amplication by
> asking for isc.org continuously?
Although dnsmasq listens on 0.0.0.0:53 and :::53 it is not responding on
Thanks to list notinterface ge00 in /etc/config/dhcp
This means that port 53 is open, but DNS is not accessible from ge00, see:
solt at mkslnx004:~$ nmap -sV -p 53 A.B.C.D
Starting Nmap 5.21 ( http://nmap.org ) at 2013-01-25 18:55 CET
Nmap scan report for XXXXX (A.B.C.D)
Host is up (0.018s latency).
PORT STATE SERVICE VERSION
53/tcp open tcpwrapped
Service detection performed. Please report any incorrect results at
Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds
solt at mkslnx004:~$ nslookup kernel.org A.B.C.D
;; connection timed out; no servers could be reached
If you want to close that down you could be drop all on ge00 by: iptables
-I zone_wan -j DROP
or just filter 53.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Cerowrt-devel