DoS attacks and the BCP140 filter

Levian
Post subject: DoS attacks and the BCP140 filter  Posted: 16.07.2014 - 22:18 #106972
Hi guys!
I have a problem on my network: DoS attacks against my ISP's DNS servers are coming from my IP address on the MikroTik. The customers are behind NAT, so I don't know who it is. My ISP recommended that I apply the BCP140 rule. I googled how to configure it on a MikroTik but didn't find what I need. Can MikroTik handle this at all? Or what would you recommend? I assume a Cisco switch. Where should it be deployed, on the WAN or in the LAN, configured as a router or as a switch? On the LAN I have a Catalyst 3750, but I think it can't do the BCP140 filter. Or can it?

kemper
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 17.07.2014 - 12:38 #106975
Do you have port 53 blocked from the outside?

Levian
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 17.07.2014 - 13:22 #106976
Sure, 53 is blocked. That was the first thing.

pepo
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 17.07.2014 - 14:40 #106977
Levian wrote: ›Sure, 53 is blocked. That was the first thing.

But if you have a MikroTik there, what's stopping you from finding out who is doing it? List port 53 and you're done.

JOFO
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 17.07.2014 - 15:40 #106979
Or you can simply set a hard limit on DNS requests per IP per second and you'll have peace. It also helps to block large DNS requests. If DNS requests are coming from some IP in 1.5 kb packets, that's probably not normal traffic :)

Levian
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 18.07.2014 - 08:56 #106981
The DNS server's IP is not my address (my MikroTik) but an IP address at my provider. I don't have a problem on my network; my ISP has the problem, in that attacks on his DNS servers are coming from my network and loading it to 70%. That's why he blocked my public IPs from accessing his servers. Can I even see this traffic anywhere, given that it is addressed directly to him? His DNS server's IP address does not appear in Connections.
This is what I'm supposed to apply, but how?
http://tools.ietf.org/html/bcp140

Chalan
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 18.07.2014 - 16:06 #106984
Either I'm going crazy or I'm overworked, but in my opinion, if an attack on your provider's DNS is coming from your network, the problem is first and foremost yours and not your provider's... Besides, if it goes through your gateway, which is a MikroTik, you surely must see it there...

JOFO
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 18.07.2014 - 17:51 #106985
Exactly. If you have a MikroTik there, use Torch to look at what is coming from the clients over UDP 53. Drop large DNS requests and possibly set a rate limit as well, and you'll have peace. I had the same kind of problem too, but a few firewall rules solve it easily.

Express
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 18.07.2014 - 20:33 #106986
JOFO wrote: ›Exactly. If you have a MikroTik there, use Torch to look at what is coming from the clients over UDP 53. Drop large DNS requests and possibly set a rate limit as well, and you'll have peace. I had the same kind of problem too, but a few firewall rules solve it easily.

So post those rules here for him and there will be peace, as you write.

Levian
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 18.07.2014 - 22:11 #106987
In Torch on port 53 the TX rate is up to 1000bps. Occasionally 2000bps shows up too, but only exceptionally, and even then from several IPs. The RX rate is at most 400bps.

JOFO
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 19.07.2014 - 00:33 #106988
Try disallowing DNS to the outside and redirect all DNS requests to the provider's DNS.
In the firewall, put something like this into the filter:
Code: › /ip firewall filter add chain=forward action=drop protocol=udp src-address-list=!Lokalka dst-port=53

where the list "Lokalka" contains all the subnets you use. This will filter out the DNS junk at the gateway. Then in NAT just put a redirect of UDP 53 to the DNS server's IP at the top and you're done. You filter out the junk and at the same time handle the situations where a customer sets a bad DNS himself or some virus changes it for him. He can then set any IP he likes and DNS will still work for him :)

Chalan
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 19.07.2014 - 09:00 #106989
But what about business clients who have their own DNS servers, etc...

JOFO
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 19.07.2014 - 10:22 #106991
Of course, for business clients it is not redirected and they can use whatever they want. But they are responsible for that themselves. None of the home customers has complained about it so far. An ordinary person doesn't have their own DNS servers somewhere on the net, and all requests get resolved the same way.

midnight_man
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 20.07.2014 - 12:47 #106992
Guys, if I'm loading someone's DNS server to 70%, then first of all I must immediately see in Connections where it is coming from, since it won't be just 1-2 connections. You need to cooperate with the owner of the DNS and have him provide a listing from his server's conntrack showing which connections are loading it.

Finally, you as the network admin must know your topology well enough to determine which public IP address goes where... and on the machine that does NAT you can directly list the customers who are sending this kind of junk. It is unlikely that several customers are doing it at once. By the way, these are very, very basic things.

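An added example, not written by any poster in this thread, of the attribution step discussed above: it flags pre-NAT clients by their UDP/53 traffic toward the provider's resolver, using the per-second rate and request-size heuristics suggested earlier in the thread. The record format, addresses and thresholds are assumptions constructed for illustration; real input would come from the NAT router's own connection or flow export.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Every value here is an assumption for illustration, not taken from the thread.
ISP_DNS = ip_address("192.0.2.53")           # provider's resolver (documentation range)
LOCAL_NETS = [ip_network("10.10.0.0/16")]    # plays the role of the "Lokalka" list
MAX_QPS = 20                                 # queries per second tolerated per client
MAX_QUERY_BYTES = 512                        # larger UDP/53 requests are flagged

# Constructed pre-NAT flow records: "<unix_time> <src> <dst> <proto> <dst_port> <bytes>"
SAMPLE = "\n".join(
    ["1405720000 10.10.1.20 192.0.2.53 udp 53 72",       # ordinary client
     "1405720001 10.10.1.20 192.0.2.53 udp 53 68",
     "1405720001 10.10.3.7 192.0.2.53 udp 53 1480",      # oversized requests
     "1405720002 10.10.3.7 192.0.2.53 udp 53 1480",
     "1405720002 198.51.100.9 192.0.2.53 udp 53 70",     # source outside LOCAL_NETS
     "1405720002 10.10.1.20 203.0.113.8 tcp 443 900"]    # not DNS, ignored
    + ["1405720003 10.10.2.44 192.0.2.53 udp 53 75"] * 30  # 30 queries in one second
)


def dns_offenders(records, max_qps=MAX_QPS, max_bytes=MAX_QUERY_BYTES):
    """Return {source_ip: set of reasons} for UDP/53 traffic sent to ISP_DNS."""
    per_second = defaultdict(int)            # (source, second) -> query count
    findings = defaultdict(set)
    for line in records.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue                         # skip blank or malformed lines
        ts, src, dst, proto, dport, size = fields
        if proto != "udp" or dport != "53" or ip_address(dst) != ISP_DNS:
            continue
        if not any(ip_address(src) in net for net in LOCAL_NETS):
            findings[src].add("non-local source")
            continue
        if int(size) > max_bytes:
            findings[src].add("oversized query")
        per_second[(src, int(ts))] += 1
        if per_second[(src, int(ts))] > max_qps:
            findings[src].add("rate exceeded")
    return dict(findings)


if __name__ == "__main__":
    for client, reasons in sorted(dns_offenders(SAMPLE).items()):
        print(client, ", ".join(sorted(reasons)))
```

The records must be captured before source NAT is applied, otherwise every client collapses into the router's public address.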
Chalan
Post subject: RE: DoS attacks and the BCP140 filter  Posted: 20.07.2014 - 15:25 #106993
Express wrote: ›
JOFO wrote: ›Exactly. If you have a MikroTik there, use Torch to look at what is coming from the clients over UDP 53. Drop large DNS requests and possibly set a rate limit as well, and you'll have peace. I had the same kind of problem too, but a few firewall rules solve it easily.

So post those rules here for him and there will be peace, as you write.


Express, are you even alive? :)