Rogers DNS servers - possible security issue?

I Plan to Stick Around
Posts: 104

@CommunityHelps

 

I'm seeing a significant amount of unsolicited inbound traffic from Rogers' DNS servers, trying to establish a UDP connection on multiple ports on my internet connection from port 53 on the servers.

Note: this is not response traffic to an outbound query - this is unsolicited inbound targeting multiple IANA User Ports & Dynamic Ports. My firewall is successfully blocking these "attacks".

 

This is from the past two hours:

 

Servers:


Please advise.

 

Re: Rogers DNS servers - possible security issue?

Network Architect
Posts: 398

Hi @Double_K,

 

I started discussing this with our DNS engineering team and they are asking if you would have a traffic capture available for that.

 

If you can, reach out to me via PM and we'll see how you can send that out to me.

 

Dave

Re: Rogers DNS servers - possible security issue?

I Plan to Stick Around
Posts: 104

PM Sent

Re: Rogers DNS servers - possible security issue?

I Plan to Stick Around
Posts: 104

Just to close this off for anyone else reading this in the future.

 

This was not a security issue.

 

The Rogers DNS team has investigated and it appears it's a load-balancer/caching server timing issue for non-existent domains and the fact that my firewall rejects responses from servers it doesn't initiate contact with.

 

@RogersMoin can you please close this thread?
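
Added example, not part of the original thread and not Rogers' or the poster's code: one way to check a capture for the pattern described in the resolution above, by matching each dropped packet from port 53 against the host's own earlier queries. The record layout, the 30-second UDP state timeout, the 300-second lookback and the sample packets (RFC 5737 documentation addresses) are all assumptions made for illustration.

```python
from collections import namedtuple

# Records as they might be parsed from a packet capture (constructed sample).
Query = namedtuple("Query", "ts src_port server txid")      # outbound DNS query
Inbound = namedtuple("Inbound", "ts server dst_port txid")  # dropped packet from port 53

def classify(queries, inbound, state_timeout=30.0, lookback=300.0):
    """Label each dropped inbound UDP/53 packet against our own earlier queries.

    in_state         -> a stateful firewall should have accepted it
    late_response    -> answer from the queried server after the UDP state expired
    different_server -> answer to our query, sent from an address we never queried
    unsolicited      -> matches no query of ours within the lookback window
    """
    by_key = {}
    for q in queries:
        by_key.setdefault((q.src_port, q.txid), []).append(q)
    labels = []
    for p in inbound:
        # A DNS answer returns to the query's source port and echoes its transaction ID.
        cands = [q for q in by_key.get((p.dst_port, p.txid), [])
                 if 0 <= p.ts - q.ts <= lookback]
        same = [q for q in cands if q.server == p.server]
        if not cands:
            labels.append("unsolicited")
        elif same:
            age = p.ts - max(q.ts for q in same)
            labels.append("in_state" if age <= state_timeout else "late_response")
        else:
            labels.append("different_server")
    return labels

SAMPLE_QUERIES = [
    Query(100.0, 40001, "192.0.2.10", 0x1A2B),
    Query(101.0, 40002, "192.0.2.10", 0x3C4D),
    Query(102.0, 40003, "192.0.2.10", 0x5E6F),
]
SAMPLE_INBOUND = [
    Inbound(100.1, "192.0.2.10", 40001, 0x1A2B),    # prompt answer
    Inbound(145.0, "192.0.2.10", 40002, 0x3C4D),    # answer 44 s after the query
    Inbound(102.2, "192.0.2.11", 40003, 0x5E6F),    # answer from another address
    Inbound(103.0, "198.51.100.7", 51515, 0x9999),  # no matching query
]

if __name__ == "__main__":
    for pkt, label in zip(SAMPLE_INBOUND, classify(SAMPLE_QUERIES, SAMPLE_INBOUND)):
        print(f"{pkt.server}:53 -> :{pkt.dst_port} txid={pkt.txid:#06x} {label}")
```

Packets labelled `late_response` or `different_server` are answers to the host's own lookups that a stateful firewall no longer, or never, had a matching entry for; only `unsolicited` ones have no query behind them.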
