--- Begin Message ---
TLDR:
 - bug from before 2013 it seems, not a malicious takeover fortunately
 - there is/was a software update
 - best to tell customers to update gear.... (but not everybody has proper wifi 
toys in house or cash... :( )

Off-list I got a few responses from Jack who did some great googling, thanks 
Jack!:


>From 8 years ago (2013) where Comcast had similar issues but with 
>time-a.netgear.com + time-b.netgear.com

https://web.archive.org/web/20130608120955/http://dns.comcast.net/index.php/entry/some-netgear-routers-causing-flood-of-dns-queries

according to that there is a software update that could potentially.


There was apparently a forum thread at 
http://forum1.netgear.com/showthread.php?t=74665 also referencing the same 
32769 port number.
and there was a nanog thread from 2012 here:
https://marc.info/?l=nanog&m=134706378618540&w=2

Other threads mentioning the problem:
 
https://community.netgear.com/t5/General-WiFi-Routers-Non/Weird-WNDR3700-DNS-problem/td-p/509370
 
https://community.netgear.com/t5/General-WiFi-Routers-Non/Thousands-of-DNS-Requests-Per-Second/td-p/414710


So, as it is netgear, I can only appropriately quote:
https://www.youtube.com/watch?v=xhtrmebhqfw "I Am Jack's Complete Lack of 
Surprise"

Time to tell those people to replace those "things that do wifi", an actual 
quote of a customer; yes, our helpdesk guys get fun stuff, hi five to them too, 
shout out to Dennis for doing the actual calling and dealing with people!

Greets,
 Jeroen

--

> On 20201105, at 15:51, [email protected] wrote:
> 
>> <many more, see attached log>
>> 14:23:58.147601 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
>> 14:23:58.147603 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
>> 14:23:58.147613 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
>> 14:23:58.147613 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
>> 14:23:58.147616 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
>> 14:23:58.147617 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
>> 14:23:58.147618 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
>> <many more>
> ...
>> * Has anybody seen similar situations in their recursives? (and what could 
>> you do about it)
> 
> We've seen it many times. Haven't normally followed up with customer
> (not enough of a problem to be worth while).
> 
>> * Is this an on-device (netgear) issue or is this part of some kind of DoS 
>> attempt?
> 
> For us it looks like a Netgear issue, not an organized DoS attempt.
> 
> Steinar Haug, AS2116



--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
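
One way a recursive-resolver operator could pick this pattern out of a tcpdump text capture, as an added example that is not part of the original thread: it flags clients that resend the same query (same source port, query ID and name) in a tight burst, which is the signature visible in the quoted log. The function names, the thresholds (`min_repeats`, `window`) and the `other-customer` lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# tcpdump DNS query line: time, client.port, resolver.53, query ID, qtype, qname
LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.53: "
                  r"(\d+)\+? (\S+)\? (\S+?)\.? \(\d+\)$")

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None  # not a DNS query line (e.g. "<many more>")
    h, mi, s, src, sport, dst, qid, qtype, qname = m.groups()
    ts = int(h) * 3600 + int(mi) * 60 + float(s)
    return ts, (src, int(sport), int(qid), qtype, qname.lower()), dst

def find_repeaters(lines, min_repeats=5, window=1.0):
    """Return clients that resend one query (same source port, query ID and
    name) at least min_repeats times within `window` seconds."""
    seen = defaultdict(list)
    for ts, key, dst in filter(None, map(parse, lines)):
        seen[key].append((ts, dst))
    findings = []
    for (src, sport, qid, qtype, qname), hits in seen.items():
        hits.sort()
        lo = best = 0
        for hi in range(len(hits)):  # sliding window over timestamps
            while hits[hi][0] - hits[lo][0] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_repeats:
            findings.append({"client": src, "sport": sport, "qid": qid,
                             "qname": qname, "burst": best,
                             "resolvers": sorted({d for _, d in hits})})
    return findings

# First seven lines are the log quoted in the thread; the "other-customer"
# lines are constructed to show normal traffic that must not be flagged.
SAMPLE = """\
14:23:58.147601 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
14:23:58.147603 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
14:23:58.147613 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
14:23:58.147613 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
14:23:58.147616 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
14:23:58.147617 IP customer.32769 > 212.60.61.246.53: 17710+ A? time-g.netgear.com. (36)
14:23:58.147618 IP customer.32769 > 212.60.63.246.53: 17710+ A? time-g.netgear.com. (36)
14:23:58.200000 IP other-customer.40112 > 212.60.63.246.53: 4021+ A? example.com. (29)
14:23:59.300000 IP other-customer.51377 > 212.60.63.246.53: 9133+ AAAA? example.com. (29)
""".splitlines()

if __name__ == "__main__":
    for finding in find_repeaters(SAMPLE):
        print(finding)
```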