Vesta Control Panel - Forum
[Security Loophole] DNS Blocking Applies to UDP Only

Questions regarding the DNS Server
BIND
kareem
Posts: 3
Joined: Fri Sep 08, 2017 2:33 am


Post by kareem » Sun Nov 19, 2017 12:07 am

The Fail2ban DNS chain in Vesta blocks port 53 UDP only. Since domains can be resolved using TCP, any rules that fail2ban adds will not really stop an attacker from continuously resolving over TCP.

This can be fixed by adding a second rule to the fail2ban chain in Vesta configuration to block 53 TCP as well.

Code:

CHAIN='DNS' PORT='53' PROTOCOL='TCP'

This new chain rule should be added in /usr/local/vesta/data/firewall/chains.conf in addition to the existing UDP rule.

Please include this in next update.
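The following is an added example, not code from the post above or from the Vesta project: a small POSIX shell audit that reads a chains.conf in the form the post shows (CHAIN='…' PORT='…' PROTOCOL='…', one rule per line) and reports whether the DNS chain on port 53 has both a UDP and a TCP rule. The two sample configs are constructed inline to stand in for the before and after state described in the post; the line format for the UDP rule is assumed to match the TCP rule quoted above.

```shell
#!/bin/sh
# Added example, not part of the forum post or of Vesta's own code.
# Audits a Vesta-style chains.conf and reports whether the DNS chain
# covers both UDP and TCP on port 53. Assumed line format (taken from
# the TCP rule quoted in the post):
#   CHAIN='DNS' PORT='53' PROTOCOL='UDP'

# Pull the value of one KEY='value' field out of a config line.
# Usage: field KEY "line"
field() {
    printf '%s\n' "$2" | sed -n "s/.*$1='\([^']*\)'.*/\1/p"
}

# Prints "ok" or "missing: <protocols>" and returns 0 only when the
# DNS chain has rules for both UDP and TCP on port 53.
check_dns_chain() {
    have_udp=0
    have_tcp=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|\#*) continue ;; esac     # skip blanks/comments
        [ "$(field CHAIN "$line")" = "DNS" ] || continue
        [ "$(field PORT "$line")" = "53" ] || continue
        case "$(field PROTOCOL "$line")" in
            UDP|udp) have_udp=1 ;;
            TCP|tcp) have_tcp=1 ;;
        esac
    done < "$1"
    missing=""
    [ "$have_udp" -eq 1 ] || missing="$missing UDP"
    [ "$have_tcp" -eq 1 ] || missing="$missing TCP"
    if [ -z "$missing" ]; then
        echo "ok"
        return 0
    fi
    echo "missing:$missing"
    return 1
}

# Constructed sample configs (not real Vesta files): the UDP-only state
# the post describes, and the same file with the TCP rule added.
UDP_ONLY_CONF=$(mktemp)
cat > "$UDP_ONLY_CONF" <<'EOF'
CHAIN='SSH' PORT='22' PROTOCOL='TCP'
CHAIN='DNS' PORT='53' PROTOCOL='UDP'
EOF

FIXED_CONF=$(mktemp)
cat > "$FIXED_CONF" <<'EOF'
CHAIN='SSH' PORT='22' PROTOCOL='TCP'
CHAIN='DNS' PORT='53' PROTOCOL='UDP'
CHAIN='DNS' PORT='53' PROTOCOL='TCP'
EOF

echo "udp-only config: $(check_dns_chain "$UDP_ONLY_CONF" || true)"
echo "fixed config:    $(check_dns_chain "$FIXED_CONF" || true)"
```

Run it against a real /usr/local/vesta/data/firewall/chains.conf by calling check_dns_chain with that path; a non-zero exit means the fail2ban DNS chain will only ever block one transport, which is the gap the post points out.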