ePMP on NAT 2.4.3 DNS Exploit, Bug (open recursive resolver)??

Has anyone encountered a problem on version 2.4.3 generating a load of bandwidth to many different DNS? It will ignore the QoS on the radio and utilize all the bandwidth available. This is coming from the ePMP with no equipment connected (no devices). It seems to be running an open recursive resolver (DNS attack); perhaps it is an exploit or a bug in version 2.4.3. This is the second time it has appeared; the first time we had to go back to 2.4.2 in order to stop the open recursive resolver attack.

The CPE ePMP is configured with NAT.
Other ePMPs on bridge won't show the same problem, since the public IP is not on the ePMP.

Does anyone have any knowledge on this matter??

1 Like

Hi, I see you use MikroTik. You can try to limit connections via UDP 53 on your side, or do what I do and block all DNS requests that do not use your DNS server and the Google DNS servers 8.8.8.8 and 8.8.4.4. That helps fix the problem with rogue client routers ...

Hi Aero,

Yes, we are aware of this bug and it will be fixed in the next firmware release. Sorry for all the inconvenience caused.

Thanks,

Dmitry

2 Likes

Hi,

Thank you for acknowledging.

Even the 2.5 RC 10 Beta still has the bug.

Hi,

It is fixed in 2.5-RC15 that is now available.

Thanks,

Dmitry