Hi folks

We have experienced this issue a lot with the WNDR4500 model in the last months. This is definitely a bug, which can be fixed with a newer FW release. Whenever we see constant traffic of approx. 10 Mbps and high CPU on our name servers, it's a WNDR4500.

I'm not completely sure, but it seems like the DNS query flooding is triggered by a temporary link down on the router's WAN port.

No advice for hacking from my side. Just hunt down the customer who's causing your problem :)

Cheers,
Reto

> -----Original Message-----
> From: [email protected] [mailto:swinog-[email protected]] On Behalf Of Beat Bodenmann
> Sent: Friday, May 24, 2013 2:59 PM
> To: [email protected]
> Subject: Re: [swinog] DDOS DNS Attack by Netgear Products caused by CNAME instead of A record?
>
> Hey all
>
> We had the same problem, at last a few weeks ago. We reported it to Netgear in Dec 12 for the first time -> no result
> We tried to overwrite these records with another -> just for testing. The routers were still asking k-times a second.
>
> I think it's not a DNS problem, because it doesn't matter what the answer to a request is, the router is still asking.
> Only a reboot of the device stops the 'attack'.
>
> Best Regards
>
> Beat
>
> -----Original Message-----
> From: [email protected] [mailto:swinog-[email protected]] On Behalf Of Roman Hochuli
> Sent: Friday, 24 May 2013 14:33
> To: [email protected]
> Subject: Re: [swinog] DDOS DNS Attack by Netgear Products caused by CNAME instead of A record?
>
> Hey All
>
> If it is really hurting you big time you may choose to run a very mean hack: temporarily set up a netgear.com zone on your DNS servers and point these records to a useful NTP server. Adding an A record for their website would probably be a good idea as well. ;)
>
> Yes, it is an EXTREMELY UGLY HACK. But as stated above: it might be easier to cut yourself a hand off than losing the whole arm...
>
> > but what's the hex string for this kind of query.
> > anybody got it?
>
> Did somebody have fun with Stefan's presentation of yesterday...? ;)
>
> --
> Best regards,
> Roman Hochuli
> Operations Manager
>
> nexellent ag
> Saegereistrasse 33
> CH-8152 Glattbrugg
>
> Phone: +41 44 872 20 00
> Fax: +41 44 872 20 01
> URL: www.nexellent.ch
> X-NCC-RegID: ch.nexellent
>
> Imagination is the one weapon in the war against reality.
> -- Jules de Gaultier

_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
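
One way to find the customer device behind such a flood, as an added example that is not part of the original thread: count queries per client per second for names in the netgear.com zone and flag clients that stay above a threshold for several seconds. The BIND-style log layout, the thresholds, the function names, the IP addresses and the query name `ntp-placeholder.netgear.com` are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed BIND-style query log layout; adjust the regex to your resolver's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \d\d:\d\d:\d\d)\.\d+ client (?P<ip>[0-9a-fA-F.:]+)#\d+.*?"
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def find_flooders(lines, zone="netgear.com", min_qps=5, min_seconds=3):
    """Return {client_ip: (busy_seconds, total_queries)} for clients that query
    names in `zone` at >= min_qps during at least min_seconds distinct seconds."""
    per_second = defaultdict(Counter)   # ip -> {timestamp (1 s resolution): count}
    suffix = "." + zone.lower()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                    # skip lines that are not query records
        qname = m["qname"].lower().rstrip(".")
        # Match the zone apex or a real subdomain, not look-alikes such as notnetgear.com.
        if qname != zone and not qname.endswith(suffix):
            continue
        per_second[m["ip"]][m["ts"]] += 1
    flagged = {}
    for ip, seconds in per_second.items():
        busy = sum(1 for n in seconds.values() if n >= min_qps)
        if busy >= min_seconds:
            flagged[ip] = (busy, sum(seconds.values()))
    return flagged

def sample_log():
    """Constructed sample: one stuck client, one normal client, one look-alike name."""
    lines = []
    for sec in range(4):
        for ms in range(0, 800, 100):   # 8 queries per second from 192.0.2.10
            lines.append(f"24-May-2013 14:33:0{sec}.{ms:03d} client 192.0.2.10#40{ms:03d}: "
                         f"query: ntp-placeholder.netgear.com IN A + (198.51.100.53)")
        lines.append(f"24-May-2013 14:33:0{sec}.900 client 192.0.2.20#5353: "
                     f"query: www.netgear.com IN A + (198.51.100.53)")
        lines.append(f"24-May-2013 14:33:0{sec}.950 client 192.0.2.30#5353: "
                     f"query: notnetgear.com IN A + (198.51.100.53)")
    return lines

if __name__ == "__main__":
    for ip, (busy, total) in find_flooders(sample_log()).items():
        print(f"{ip}: {total} queries, {busy} seconds at or above threshold")
```

Requiring several busy seconds keeps a client that merely bursts once at startup from being flagged.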

