0 votes
Caveat: not actually an "issue report", but there isn't a topic, so I picked the closest one. Don't panic.


I've been running the MiniUPnP daemon for about six months, we've seen no such issue, but I was wondering if anyone else has seen an instance of this attack or even if there's any possibility of it being a zero-day on ClearOS?

I'm suspecting not, but I wanted to raise a yellow caution-flag in case anyone else had been under a rock for the past few days and hadn't heard about this. :(

Akamai folks found it on a number of router boxen for "home" use:

Eternal Silence attack

We're running:
ClearOS release 7.5.0 (Final), Kernel 3.10.0-862.11.6.v7.x86_64

Even though our installation doesn't appear to open this port, just to be safe, I added IPTABLES rule:

$ iptables -I INPUT 14 -i enp5s1 -p udp -m udp --dport 1900 -j DROP

which should drop any attempted connection to UDP port 1900 from the outside. It seems to work based on my limited testing and doesn't appear to damage anything else.

Anywhoo, just bringing this up because I felt pestered by it. :)

Happy firewalling everyone!

~Sam 'liverdonor' Felton
Thursday, November 29 2018, 09:03 PM
Share this post:
Responses (1)
  • Accepted Answer

    Thursday, December 06 2018, 04:30 PM - #Permalink
    0 votes
    I'm curious to know if you put a log function on your firewall rule if this is being hit.
    The reply is currently minimized Show
Your Reply