Operating System - Linux
1839149 Members
3031 Online
110136 Solutions
New Discussion

Re: dns server being attack on udp port 4156

 
SOLVED
Go to solution
K.C. Chan
Trusted Contributor

dns server being attack on udp port 4156

All,
I've just put up a firewall today, and I noticed that udp port 4156 on my dns server is being access (denied access) by outside world. This ok, but it's getting rediculous bec. it's causing bandwidth problem. Here's a snippet of the log files:

8335518 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 45 195.67.188.16 63.78.100.2 4156 4156 (default)
8335538 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 50 64.56.187.58 63.78.100.2 4156 4156 (default)
8335558 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 51 65.59.116.100 63.78.100.2 4156 4156 (default)
8335578 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 43 61.37.83.80 63.78.100.2 4156 4156 (default)
8335598 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 48 195.228.75.39 63.78.100.2 4156 4156 (default)
8335618 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 48 163.117.148.96 63.78.100.2 4156 4156 (default)
8335638 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 45 196.25.108.238 63.78.100.2 4156 4156 (default)
8335658 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 44 212.244.165.245 63.78.100.2 4156 4156 (default)
8335678 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 49 66.70.29.130 63.78.100.2 4156 4156 (default)
8335698 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 50 200.225.79.87 63.78.100.2 4156 4156 (default)
8335718 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 43 163.152.68.22 63.78.100.2 4156 4156 (default)
8335738 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 45 159.226.44.186 63.78.100.2 4156 4156 (default)
8335758 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 53 64.51.152.187 63.78.100.2 4156 4156 (default)
8335778 09/23/02 16:00:41 firewalld[94] deny in eth0 69 udp 20 48 158.36.33.38 63.78.100.2 4156 4156 (default)

An idea on how to get rid of this problem? Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
1 REPLY 1
Dirk Wiedemann
Respected Contributor
Solution

Re: dns server being attack on udp port 4156

Hello,

afaik there is a new variant from slapper worm which is using UPD port 4156. I think there is sadly nothing you can do to avoid this requests to your firewall.
The most important thing is that your firewall denies such requests.
Maybe you can contact your internet provider and ask him to filter this requests.

regards
Dirk