WiFi router with inbound packet filtering

mzahan

Prominent
Mar 29, 2017
7
0
510
Hi everyone,

For the last three days I've been under a constant DNS DDoS attack. I've asked my ISP to filter those packets and it won't budge. So, I'm fed up with these bot-kiddies and I need a WiFi router which has the capability to filter WAN inbound packets based on various criteria, in this specific case, based on packet content inspection.

Anyone knows of such a router at an affordable price? I'm not talking about those high-end Cisco routers that are worth a fortune.

Thank you.
 
Solution
A lot of routers can do filtering; the better ones say they have a firewall. It may be simpler to just put a list of routes in your server for those IPs and point it to a null or to a dummy IP. That will prevent the server from actually being able to return the data. A list of routes is less taxing than a list of firewall rules. On some routers you could do this also, but both the number of firewall rules and the number of static routes tend to be limited. Now I suppose you could buy a small commercial firewall like a Juniper or Cisco, but unless it is actually crashing your server, the server should be able to handle the problem better than a router.

newbcakes

Honorable
May 21, 2012
115
0
10,710
so... you're hosting a website or something on a leased IP and script-kiddies are spamming you? If you change your WAN address per what kanewolf has stated (which I agree with), but you're hosting something that would simply expose your new IP, then you've lost.

So... why are you a target of a DDoS attack?
 

mzahan

Prominent
Mar 29, 2017
7
0
510
@kanewolf: changing the IP would accomplish nothing, it's a DNS attack, the new IP will be picked up as soon as it has propagated to the DNS servers.

@newbcakes: yes, I'm hosting my own domain and email server. Why am I a target? Beats me, I don't even host a site (yet), only email and ftp. I'm not even visible on Google, I'm the smallest tiniest fish in the web pond.
 
You are pretty much screwed then. That is part of the reason to put servers like this in hosting centers. Hosting centers have more options and much more capacity.

Someone will not just do this randomly. It costs money to lease the botnets. It is not some program some silly teenager can run on their PC.
 

mzahan

Prominent
Mar 29, 2017
7
0
510
bill001g: ok, I get the picture.

I've been reading about packet filtering and it looks like it requires A LOT of processing power, hence the routers that are worth a fortune.
So, I'll lower the bar and ask for a router that has the capability of blocking WAN IPs.

I know it's a long shot given the distributed nature of the attack, but at least I can block the top 50 (or so) IPs that are causing most of the DNS traffic. That would certainly not free the bandwidth, but it will not send back UDP replies. As of now, the only option was to configure my DNS server to deny the requests, which is sending back a reply with "denied". So, maybe if the server is silent, they will quit attacking it eventually.
 
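The two ideas above (bill001g's suggestion to null-route the offending IPs on the server rather than on the router, and mzahan's plan to pick the top 50 sources by DNS query volume) combine into one small script. This is an added example written for this page, not code posted in the thread: it parses a BIND 9-style query log, ranks client IPs by query count, and prints the Linux `ip route add blackhole` commands for the noisiest ones. The log lines are constructed for illustration (documentation IP ranges), and the protected-network list is an assumption you should adjust to your own LAN so you never blackhole your router or internal hosts.

```python
"""Rank the source IPs in a BIND-style query log and emit null-route commands.

Added example, not from the original thread.  It implements the approach
discussed above: instead of firewall rules on the router, have the server
itself blackhole its noisiest DNS clients so it stops answering them.
The sample log lines are constructed; the addresses are documentation ranges.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample in BIND 9 query-log format (not real traffic).
SAMPLE_LOG = """\
29-Mar-2017 10:15:02.101 client 203.0.113.7#53021 (example.org): query: example.org IN ANY +E (192.168.1.10)
29-Mar-2017 10:15:02.104 client 203.0.113.7#53022 (example.org): query: example.org IN ANY +E (192.168.1.10)
29-Mar-2017 10:15:02.109 client 198.51.100.23#4096 (example.org): query: example.org IN ANY +E (192.168.1.10)
29-Mar-2017 10:15:02.112 client 203.0.113.7#53023 (example.org): query: example.org IN ANY +E (192.168.1.10)
29-Mar-2017 10:15:02.120 client 192.168.1.1#40001 (example.org): query: mail.example.org IN A + (192.168.1.10)
29-Mar-2017 10:15:02.131 client 198.51.100.23#4097 (example.org): query: example.org IN ANY +E (192.168.1.10)
29-Mar-2017 10:15:02.140 client 203.0.113.250#1111 (example.org): query: example.org IN MX + (192.168.1.10)
"""

# "client 203.0.113.7#53021"; newer BIND builds insert "@0x..." before the address.
CLIENT_RE = re.compile(r"\bclient (?:@\S+ )?(\d{1,3}(?:\.\d{1,3}){3})#\d+")

# Assumed protected ranges: LAN, router, loopback.  Adjust to your own network;
# a blackhole route for your gateway would cut the server off entirely.
PROTECTED_NETS = [
    ipaddress.ip_network(n)
    for n in ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "127.0.0.0/8")
]


def top_sources(log_text, n):
    """Return [(ip, query_count), ...] for the n busiest client IPs, busiest first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts.most_common(n)


def blackhole_commands(ranked, min_queries=2, protected=PROTECTED_NETS):
    """Turn ranked (ip, count) pairs into `ip route add blackhole` commands.

    Skips protected ranges and clients below min_queries so a single stray
    lookup from a legitimate resolver does not get it null-routed.
    """
    cmds = []
    for ip, count in ranked:
        addr = ipaddress.ip_address(ip)
        if count < min_queries or any(addr in net for net in protected):
            continue
        cmds.append(f"ip route add blackhole {ip}/32")
    return cmds


if __name__ == "__main__":
    ranked = top_sources(SAMPLE_LOG, 50)
    for ip, count in ranked:
        print(f"{count:6d}  {ip}")
    # Review the list, then pipe these into a root shell to apply them.
    print("\n".join(blackhole_commands(ranked)))
```

Feed it your real query log instead of `SAMPLE_LOG`, check the ranking by eye, then run the printed commands as root. A blackhole route drops the server's replies to that address at the routing layer, so the queries still arrive and consume bandwidth (as mzahan notes) but no UDP answer goes back. `ip route show type blackhole` lists what is installed and `ip route del blackhole <ip>/32` undoes one entry. Keep in mind that UDP source addresses can be spoofed, so the "top talkers" are whatever addresses the attacker chose to put in the packets.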
Unless you mean they are directly attacking the ports you have open on your server, all ports you do not have port forwarded on your router are dropped with no reply.

Now if you mean they are attacking the email server on the allowed port, maybe you can do something. Your server could also just be set to not respond. Email servers are the most attacked servers, but not by DDoS; they are trying to hack it to use it as a spam mail bot. This is also the reason most ISPs block port 25: they are attacked all the time, but few people know how to protect their systems.
 

mzahan

Prominent
Mar 29, 2017
7
0
510
I don't think I can apply static routing on the DNS server, because the router performs NAT, so the packets reaching the server don't have the original IP anymore.
 

mzahan

Prominent
Mar 29, 2017
7
0
510
So when NATing, the internet IP is preserved! That I didn't know; I always assumed it was being replaced with the router's intranet IP. Then I guess static routing it is (on the DNS server). I'll give it a try. Thanks :)