Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Amazon Kindle, udp flood on port 53? [solved]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
ChrisJumper
Advocate
Advocate


Joined: 12 Mar 2005
Posts: 2206
Location: Germany

PostPosted: Wed Oct 01, 2014 7:15 pm    Post subject: Amazon Kindle, udp flood on port 53? [solved] Reply with quote

Hi,

since i presented my mother with an amazon Kinde i had a network crazy UDP Flood in my wireless Network:

Code:
20:12:04.797802 IP (tos 0x0, ttl 64, id 43064, offset 0, flags [DF], proto UDP (17), length 90)
    $DNSMASQ_SERVER_IP.53 > $KINDLEIP.34046: [udp sum ok] 48667 NXDomain q: A? i-8e220fcc-eu-west-1c.service.amazonsilk.com. 0/0/0 (62)
20:12:04.809192 IP (tos 0x0, ttl 64, id 6663, offset 0, flags [DF], proto UDP (17), length 90)
    $KINDLEIP.20759 > $DNSMASQ_SERVER_IP.53: [udp sum ok] 62164+ AAAA? i-8e220fcc-eu-west-1c.service.amazonsilk.com. (62)
20:12:04.809396 IP (tos 0x0, ttl 64, id 43065, offset 0, flags [DF], proto UDP (17), length 90)
    $DNSMASQ_SERVER_IP.53 > $KINDLEIP.20759: [udp sum ok] 62164 NXDomain q: AAAA? i-8e220fcc-eu-west-1c.service.amazonsilk.com. 0/0/0 (62)
20:12:04.812089 IP (tos 0x0, ttl 64, id 6663, offset 0, flags [DF], proto UDP (17), length 90)
    $KINDLEIP.53814 > $DNSMASQ_SERVER_IP.53: [udp sum ok] 35138+ A? i-8e220fcc-eu-west-1c.service.amazonsilk.com. (62)
20:12:04.812265 IP (tos 0x0, ttl 64, id 43066, offset 0, flags [DF], proto UDP (17), length 90)
    $DNSMASQ_SERVER_IP.53 > $KINDLEIP.53814: [udp sum ok] 35138 NXDomain q: A? i-8e220fcc-eu-west-1c.service.amazonsilk.com. 0/0/0 (62)


I found that Thread on opendns.com - Amazon DNS Service Route 53


I am not sure if i got it right.. but i think that behaviour looks like a Bug or a threat? The next time my mother used this device i will reconfigure it and disable the amazon service.

Any idea how i could just drop the DNS question from that device to the amazon services?

Additional information. The Kindle device is not in use. Its activated, Online in Stand by. The Device Cloud Services use the WLAN Connection. Seems like a normal usage. At first i thought this is some kind of Portscan from inside my wireless network.

But no, its just Amazon spying me or us with there devices.
Wikipedia: amazone Route 53
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum