Submit Search
Upload
How to Prevent DNS Attacks on MikroTik.pdf
•
0 likes
•
133 views
A
AkashaC1
Follow
How to Prevent DNS Attacks on MikroTik
Read less
Read more
Technology
Report
Share
Report
Share
1 of 20
Download now
Download to read offline
Recommended
Config RouterOS openVPN.pdf
Config RouterOS openVPN.pdf
AkashaC1
联想网御千兆防火墙
联想网御千兆防火墙
cnliutao
使用Nginx轻松实现开源负载均衡——对外版
使用Nginx轻松实现开源负载均衡——对外版
pigso
使用Nginx轻松实现开源负载均衡
使用Nginx轻松实现开源负载均衡
guest2d0fe3
使用Nginx轻松实现开源负载均衡
使用Nginx轻松实现开源负载均衡
Cary Yang
Nginx+常见应用技术指南
Nginx+常见应用技术指南
andy54321
实时消息推送系统
实时消息推送系统
Yi Feng Yang
翻墙方案分享
翻墙方案分享
henix
Recommended
Config RouterOS openVPN.pdf
Config RouterOS openVPN.pdf
AkashaC1
联想网御千兆防火墙
联想网御千兆防火墙
cnliutao
使用Nginx轻松实现开源负载均衡——对外版
使用Nginx轻松实现开源负载均衡——对外版
pigso
使用Nginx轻松实现开源负载均衡
使用Nginx轻松实现开源负载均衡
guest2d0fe3
使用Nginx轻松实现开源负载均衡
使用Nginx轻松实现开源负载均衡
Cary Yang
Nginx+常见应用技术指南
Nginx+常见应用技术指南
andy54321
实时消息推送系统
实时消息推送系统
Yi Feng Yang
翻墙方案分享
翻墙方案分享
henix
如何建立IPSEC VPN
如何建立IPSEC VPN
sharetech
Elk 1-0831
Elk 1-0831
Mike Chao
Debian Policy - 5.6.12 Version
Debian Policy - 5.6.12 Version
Shih-Yuan Lee
ZeroMQ简介
ZeroMQ简介
Xu Wang
Windows 10 install mysql 8.0.16
Windows 10 install mysql 8.0.16
songwenxuan2020
基于Tornado后端系统架构暨最佳实践
基于Tornado后端系统架构暨最佳实践
ZY Zhang
为什么上网浏览要用Shadowsocks?
为什么上网浏览要用Shadowsocks?
zzzzzz gg
文献Vpn使用简介和入门
文献Vpn使用简介和入门
BEIJING DREAMS CONSULTANCY CO.,LTD
OpenStack Neutron Introduction
OpenStack Neutron Introduction
Liang Bo
Ubuntu 下安装 svn 服务器
Ubuntu 下安装 svn 服务器
wensheng wei
Container Security
Container Security
LinuxCon ContainerCon CloudOpen China
网络攻击与防御-tseek
网络攻击与防御-tseek
hamaci
看14頁 ssl-vpn-20101006
看14頁 ssl-vpn-20101006
Bo-Yaun Hsu
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Zhaoyang Wang
Syslog Ng
Syslog Ng
flytod
Vitualbox
Vitualbox
fengxiaoqiang
Track2 -刘继伟--openstack in gamewave
Track2 -刘继伟--openstack in gamewave
OpenCity Community
构建ActionScript游戏服务器,支持超过15000并发连接
构建ActionScript游戏服务器,支持超过15000并发连接
Renaun Erickson
Python小团队不妨知道的技术
Python小团队不妨知道的技术
jie.wang
AR Implementation 1 2016.10.20
AR Implementation 1 2016.10.20
AkashaC1
AR Implementation 2
AR Implementation 2
AkashaC1
Post article to KM with Python
Post article to KM with Python
AkashaC1
More Related Content
What's hot
如何建立IPSEC VPN
如何建立IPSEC VPN
sharetech
Elk 1-0831
Elk 1-0831
Mike Chao
Debian Policy - 5.6.12 Version
Debian Policy - 5.6.12 Version
Shih-Yuan Lee
ZeroMQ简介
ZeroMQ简介
Xu Wang
Windows 10 install mysql 8.0.16
Windows 10 install mysql 8.0.16
songwenxuan2020
基于Tornado后端系统架构暨最佳实践
基于Tornado后端系统架构暨最佳实践
ZY Zhang
为什么上网浏览要用Shadowsocks?
为什么上网浏览要用Shadowsocks?
zzzzzz gg
文献Vpn使用简介和入门
文献Vpn使用简介和入门
BEIJING DREAMS CONSULTANCY CO.,LTD
OpenStack Neutron Introduction
OpenStack Neutron Introduction
Liang Bo
Ubuntu 下安装 svn 服务器
Ubuntu 下安装 svn 服务器
wensheng wei
Container Security
Container Security
LinuxCon ContainerCon CloudOpen China
网络攻击与防御-tseek
网络攻击与防御-tseek
hamaci
看14頁 ssl-vpn-20101006
看14頁 ssl-vpn-20101006
Bo-Yaun Hsu
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Zhaoyang Wang
Syslog Ng
Syslog Ng
flytod
Vitualbox
Vitualbox
fengxiaoqiang
Track2 -刘继伟--openstack in gamewave
Track2 -刘继伟--openstack in gamewave
OpenCity Community
构建ActionScript游戏服务器,支持超过15000并发连接
构建ActionScript游戏服务器,支持超过15000并发连接
Renaun Erickson
Python小团队不妨知道的技术
Python小团队不妨知道的技术
jie.wang
What's hot
(19)
如何建立IPSEC VPN
如何建立IPSEC VPN
Elk 1-0831
Elk 1-0831
Debian Policy - 5.6.12 Version
Debian Policy - 5.6.12 Version
ZeroMQ简介
ZeroMQ简介
Windows 10 install mysql 8.0.16
Windows 10 install mysql 8.0.16
基于Tornado后端系统架构暨最佳实践
基于Tornado后端系统架构暨最佳实践
为什么上网浏览要用Shadowsocks?
为什么上网浏览要用Shadowsocks?
文献Vpn使用简介和入门
文献Vpn使用简介和入门
OpenStack Neutron Introduction
OpenStack Neutron Introduction
Ubuntu 下安装 svn 服务器
Ubuntu 下安装 svn 服务器
Container Security
Container Security
网络攻击与防御-tseek
网络攻击与防御-tseek
看14頁 ssl-vpn-20101006
看14頁 ssl-vpn-20101006
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Syslog Ng
Syslog Ng
Vitualbox
Vitualbox
Track2 -刘继伟--openstack in gamewave
Track2 -刘继伟--openstack in gamewave
构建ActionScript游戏服务器,支持超过15000并发连接
构建ActionScript游戏服务器,支持超过15000并发连接
Python小团队不妨知道的技术
Python小团队不妨知道的技术
More from AkashaC1
AR Implementation 1 2016.10.20
AR Implementation 1 2016.10.20
AkashaC1
AR Implementation 2
AR Implementation 2
AkashaC1
Post article to KM with Python
Post article to KM with Python
AkashaC1
2018 Week 7 Data Analysis
2018 Week 7 Data Analysis
AkashaC1
2018 Week 5 DHT11
2018 Week 5 DHT11
AkashaC1
2018 Week 4 PIR
2018 Week 4 PIR
AkashaC1
2018 Week 15 Speech Recognition
2018 Week 15 Speech Recognition
AkashaC1
2018 Week 15 Speaker
2018 Week 15 Speaker
AkashaC1
2018 Week 14 HC-SR04
2018 Week 14 HC-SR04
AkashaC1
2018 Week 13 Servo Motor
2018 Week 13 Servo Motor
AkashaC1
2018 Week 12 Data Storage and Visualization
2018 Week 12 Data Storage and Visualization
AkashaC1
2018 Week 11 Bluetooth and Wi-Fi
2018 Week 11 Bluetooth and Wi-Fi
AkashaC1
2018 Week 10 Read Time Data Sending
2018 Week 10 Read Time Data Sending
AkashaC1
2018 Week 10 IoT and Robot
2018 Week 10 IoT and Robot
AkashaC1
2018 Week 8 Relay
2018 Week 8 Relay
AkashaC1
2018 Week 8 IoT and Wearable Devices
2018 Week 8 IoT and Wearable Devices
AkashaC1
2018 Week 7 Photoresistor
2018 Week 7 Photoresistor
AkashaC1
2018 Week 16 Computer Vision
2018 Week 16 Computer Vision
AkashaC1
2018 Week 4 Data Storage
2018 Week 4 Data Storage
AkashaC1
2018 Week 3 Sending and Processing Data
2018 Week 3 Sending and Processing Data
AkashaC1
More from AkashaC1
(20)
AR Implementation 1 2016.10.20
AR Implementation 1 2016.10.20
AR Implementation 2
AR Implementation 2
Post article to KM with Python
Post article to KM with Python
2018 Week 7 Data Analysis
2018 Week 7 Data Analysis
2018 Week 5 DHT11
2018 Week 5 DHT11
2018 Week 4 PIR
2018 Week 4 PIR
2018 Week 15 Speech Recognition
2018 Week 15 Speech Recognition
2018 Week 15 Speaker
2018 Week 15 Speaker
2018 Week 14 HC-SR04
2018 Week 14 HC-SR04
2018 Week 13 Servo Motor
2018 Week 13 Servo Motor
2018 Week 12 Data Storage and Visualization
2018 Week 12 Data Storage and Visualization
2018 Week 11 Bluetooth and Wi-Fi
2018 Week 11 Bluetooth and Wi-Fi
2018 Week 10 Read Time Data Sending
2018 Week 10 Read Time Data Sending
2018 Week 10 IoT and Robot
2018 Week 10 IoT and Robot
2018 Week 8 Relay
2018 Week 8 Relay
2018 Week 8 IoT and Wearable Devices
2018 Week 8 IoT and Wearable Devices
2018 Week 7 Photoresistor
2018 Week 7 Photoresistor
2018 Week 16 Computer Vision
2018 Week 16 Computer Vision
2018 Week 4 Data Storage
2018 Week 4 Data Storage
2018 Week 3 Sending and Processing Data
2018 Week 3 Sending and Processing Data
How to Prevent DNS Attacks on MikroTik.pdf
1.
How to Prevent
DNS Attacks on MikroTik 2022/4/4
2.
設定WAN IP位址 讓MikroTik成為一個Caching DNS
Server 2
3.
設定該Interface的IP 3.3.3.3/24 3
4.
4
5.
表示該MikroTik對外提供DNS查詢服務。 使MikroTik成為一個Caching DNS Server。 同時,WAN的IP開放提供DNS網域查詢服務, 因此也稱為”開放式DNS遞迴解析伺服器”
(Open DNS Recursive Resolver或 DNS Recursor), 如:Google的8.8.8.8。 8.8.8.8 8.8.4.4 5
6.
測試 ping youtube.com 6
7.
7
8.
8
9.
9
10.
隱憂 10
11.
易造成 • DNS 快取記憶體中毒
(DNS cache poisoning) • DNS 反射/放大攻擊 (DNS Reflection/Amplification Attack) • DNS洪水攻擊 (DNS Flood Attack) • ….等 11
12.
設定防火牆預防DNS攻擊 12
13.
13
14.
14
15.
15
16.
16
17.
17 新增的兩個防火牆規則
18.
測試ping google.com和youtube.com 18
19.
19 完成
20.
參考資料 • CLOUDFLARE DNS放大攻擊 •
CLOUDFLARE DNS 快取記憶體中毒 • CLOUDFLARE DNS 伺服器有哪些不同類型? • 清華大學 Open DNS resolver 的問題 • open DNS resolver測試網站 20
Download now