Detect UDP port scan attack, scan packet from 8.8.8.8


myrsky...@gmail.com

Jul 27, 2020, 11:18:29 AM
to public-dns-discuss
My router/modem logs show these attacks started 10 days ago on the 17th of July and they've been happening every 8 hours since then.
I wonder what this means and if I should be concerned?
I'm not really experienced with this kind of stuff, thanks for the help.


Anthony Lieuallen

Jul 28, 2020, 2:41:43 PM
to myrsky...@gmail.com, public-dns-discuss
The short answer is that Google Public DNS is absolutely not port scanning you (nor anyone else).

Exactly what's happening for sure is a much trickier question.  Given how UDP works, the source address can be forged by an actual attacker.  Personally my best guess is that something periodic in your system happens to trigger a lot of DNS queries in a burst, resulting in many DNS answers on random ports, which your tool is mis-detecting as an attack (especially given the periodic nature).

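The mis-detection described in the answer above can be reproduced with a small added example; it is not part of the original thread and is not the router's actual detection logic. The record format, the threshold, the timeout and the address 203.0.113.7 are assumptions made for illustration, and the sample traffic is constructed.

```python
from collections import defaultdict

# Constructed sample records: (time_s, direction, remote_ip, remote_port, local_port).
# "out" = packet sent from the LAN side, "in" = packet arriving on the WAN side.
SAMPLE = (
    # Burst of 30 DNS queries to 8.8.8.8:53, each from its own ephemeral port, each answered.
    [(100.0 + i * 0.01, "out", "8.8.8.8", 53, 40000 + i) for i in range(30)]
    + [(100.05 + i * 0.01, "in", "8.8.8.8", 53, 40000 + i) for i in range(30)]
    # Unsolicited packets from a documentation address to 30 ports nobody sent from.
    + [(200.0 + i * 0.01, "in", "203.0.113.7", 4444, 1000 + i) for i in range(30)]
)

QUERY_TTL = 5.0      # seconds an outbound packet keeps its reply path open (assumed)
SCAN_THRESHOLD = 20  # distinct local ports hit before a source is flagged (assumed)


def naive_scan_sources(records, threshold=SCAN_THRESHOLD):
    """Stateless rule: flag any remote IP that hits >= threshold distinct local ports."""
    ports = defaultdict(set)
    for _, direction, ip, _, lport in records:
        if direction == "in":
            ports[ip].add(lport)
    return {ip for ip, hit in ports.items() if len(hit) >= threshold}


def stateful_scan_sources(records, threshold=SCAN_THRESHOLD, ttl=QUERY_TTL):
    """Same count, but skip inbound packets that answer a recent outbound packet."""
    pending = {}  # (remote_ip, remote_port, local_port) -> time the query was sent
    ports = defaultdict(set)
    for t, direction, ip, rport, lport in sorted(records):
        key = (ip, rport, lport)
        if direction == "out":
            pending[key] = t
        elif key in pending and t - pending[key] <= ttl:
            continue  # solicited reply, e.g. a DNS answer to an ephemeral port
        else:
            ports[ip].add(lport)  # nothing asked for this packet
    return {ip for ip, hit in ports.items() if len(hit) >= threshold}


if __name__ == "__main__":
    print("stateless rule flags:", sorted(naive_scan_sources(SAMPLE)))
    print("stateful rule flags: ", sorted(stateful_scan_sources(SAMPLE)))
```

The stateless rule flags both sources, while the stateful rule flags only the one that sent unsolicited packets. Packets that claim to come from 8.8.8.8 port 53 but match no pending query are still counted by the stateful rule, which covers the forged-source case.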

myrsky...@gmail.com

Jul 28, 2020, 5:00:33 PM
to public-dns-discuss
Thanks a lot for taking time to answer!

I'm glad to hear that it's not a real attack.

I don't know what might be triggering those DNS queries so I'm just going to wait and see if the constant log messages go away on their own.



