[SAC] [support.osuosl.org #30012] Open DNS Resolver at tracsvn.osgeo.osuosl.org (140.211.15.71)
tech@wildintellect.com via RT
support at osuosl.org
Mon Apr 9 15:00:01 PDT 2018
Yes, I believe we modified DNSmasq to only take local requests.
https://trac.osgeo.org/osgeo/ticket/1693#comment:18
On 04/09/2018 01:53 PM, Travis Whitehead via RT wrote:
> Hello,
>
> Any progress/insight on this?
>
> Thank you!
>
> On Thu Mar 29 17:14:17 2018, tech at wildintellect.com wrote:
>> I assume this has something to do with how we 'fixed' DNS issues on
>> Trac. Sandro and Chris, can you figure out how to lock this down more?
>>
>> Thanks,
>> Alex
>>
>> On 03/29/2018 02:55 PM, OSL Systems Support Team via RT wrote:
>>> Greetings,
>>>
>>> This message has been automatically generated in response to the
>>> creation of a support ticket call:
>>>
>>> "Open DNS Resolver at tracsvn.osgeo.osuosl.org
>> (140.211.15.71)",
>>>
>>> a summary of which appears below.
>>>
>>> There is no need to reply to this message right now. Your ticket has
>> been
>>> assigned an ID of [support.osuosl.org #30012]. Please include this
>> string
>>> in the subject line of all future correspondence about this issue.
>> You may
>>> also catch us on irc (irc.freenode.net) in #osuosl.
>>>
>>>
>>>
>>> Thank you.
>>> support at osuosl.org
>>>
>>>
>> -------------------------------------------------------------------------
>>> Hello OSGeo,
>>>
>>> We at the OSL have received a report indicating your project is
>> running an open
>>> DNS resolver at tracsvn.osgeo.osuosl.org (140.211.15.71).
>>>
>>> Here's a copy of the report:
>>> On Mon Mar 26 07:43:08 2018, abuse at nero.net wrote:
>>>> Report: openresolvers
>>>>
>>>> Open DNS resolvers are used to generate an increasing number of
>>>> extremely large DDoS attacks, without any need for infected hosts
>> to
>>>> participate. These resolvers may not be compromised, but are open
>> to
>>>> abuse by others and pose a threat to the global network
>> infrastructure.
>>>> Even if your DNS resolver is not performing recursive queries on
>> behalf
>>>> of non-customer clients, it can still be abused to participate in a
>>>> DDoS. We strongly encourage you to filter these queries or
>> configure
>>>> your DNS resolver to either refuse or rate-limit its responses.
>>>>
>>>> * http://openresolverproject.org/
>>>> * https://www.dns-oarc.net/oarc/articles/upward-referrals-
>> considered-harmful
>>>>
>>>>
>>>> event | ip | timestamp | details
>>>>
>>
> ------------------+------------------+---------------------+------------------
>>>> openresolvers | 140.211.15.71 | 2018-03-24 21:52:07 | responding
>> ip= RCODE=0
>>> recursion available=1
>>>>
>>
> ------------------+------------------+---------------------+------------------
>>>
>>> Information about securing open resolvers is available in links in
>> the report.
>>> Could you please remedy this?
>>>
>>> I'm unsure if I can post to sac at lists.osgeo.org, so I also added an
>> address
>>> from past correspondence in our ticketing system.
>>>
>>> Thanks!
>>> _______________________________________________
>>> Sac mailing list
>>> Sac at lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/sac
>>>
>>
>
>
> --
> Travis Whitehead
> Student Systems Engineer
> Oregon State University | Open Source Lab
>
More information about the Sac
mailing list