ZeroShell DNS Amplification attack protect


This topic contains 2 replies, has 0 voices, and was last updated by  meloun 5 years, 4 months ago.

  • #43691

    meloun
    Member

    A vulnerability discovered in ZeroShell makes it possible to carry out DNS Amplification attacks.

    The ZeroShell DNS server is initially configured to accept recursive queries from any IP.
    The attacker sends a short recursive query to the DNS server with a spoofed source IP; the answer, which is much larger in size, is sent to the address of the victim. With a massive attack, the outbound channel is heavily loaded.

    The solution is to ban recursive queries from external IPs.
    Add the following parameter to NETWORK -> DNS -> Options:

    allow-recursion { localhost; 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };

    This option enables recursive queries only from the private LAN subnets 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12.
    If the router serves other subnets, add them.


    Best regards, Dmitry [Meloun] Melnichenko.
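
Added example (not part of the original posts, and not ZeroShell code): a small audit that checks whether the `allow-recursion` statement in a resolver's options text limits recursion to internal clients, as the post above recommends. The function name `audit_allow_recursion`, the `INTERNAL` range list and the sample configurations are assumptions constructed for this illustration.

```python
import ipaddress
import re

# Assumption: ranges treated as internal (the post's three subnets plus
# loopback and IPv6 unique-local). Add other subnets the router serves.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]
# Built-in ACL names that never admit arbitrary Internet hosts.
SAFE_ACLS = {"none", "localhost", "localnets"}

def audit_allow_recursion(conf_text, internal=INTERNAL):
    """Return (status, offenders); status is "unset", "open" or "restricted".

    offenders lists ACL elements that are not provably internal: "any",
    public prefixes, and anything this audit cannot parse (named ACLs,
    negations, shorthand such as 10/8), which need manual review.
    """
    # Strip /* */, # and // comments so disabled settings are ignored.
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    text = re.sub(r"(#|//)[^\n]*", "", text)
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}", text)
    if m is None:
        return "unset", []  # effective default depends on the server version
    offenders = []
    for element in (e.strip() for e in m.group(1).split(";")):
        if not element or element in SAFE_ACLS:
            continue
        try:
            net = ipaddress.ip_network(element, strict=False)
        except ValueError:
            offenders.append(element)
            continue
        if not any(net.version == p.version and net.subnet_of(p)
                   for p in internal):
            offenders.append(element)
    return ("open" if offenders else "restricted"), offenders

# Constructed sample inputs: the option from the post, and an open resolver.
FIXED = "allow-recursion { localhost; 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };"
OPEN = "options { allow-recursion { any; }; };"

if __name__ == "__main__":
    for name, conf in (("fixed", FIXED), ("open", OPEN)):
        print(name, audit_allow_recursion(conf))
```

A result of "unset" is a finding to follow up rather than a pass, since the post reports that the initial configuration accepts recursive queries from any IP.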

    #52792

    imported_fulvio
    Participant

    Hi,
    the new release 2.0.RC3 solves the issue.

    Regards
    Fulvio

    #52793

    micampo
    Member

    can you please illustrate some vulnerability?

    #52794

    meloun
    Member

    @micampo wrote:

    can you please illustrate some vulnerability?

    example illustrating http://www.youtube.com/watch?v=xTKjHWkDwP0
