Defending DNS Amplification

Hello,
Recently I had a “DNS Amplification Attack” on my public DNS. I used fail2ban to defend against this attack. It is good, but I want to stop the traffic at the firewall. How can I do that?

For info about DNS Amplification:
http://blog.linuxjunkie.com/blog/2013/04/20/dns-amplification-ddos-attack-isc-bind/

Any suggestions…
Thanks

Well, you see, the answer is in the question: when you say you have a public DNS,
filter the traffic to allow requests from your clients only.

Hi,
I have some web applications on the internet, so I cannot allow internal clients only.

Run 2 DNSs. One for your internal customers, recursive by an ACL, and one non-recursive, responding to your “outgoing” DNS.
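The split described in the post, written out as BIND 9 named.conf fragments. This is an added example, not configuration from the thread or from ISC; the ACL networks, directory and zone name are assumptions, and the rate-limit block needs BIND 9.10 or later.

```conf
// Server 1: recursive resolver, reachable only from internal networks.
// Networks below are assumed example values.
acl "internal" { 10.0.0.0/8; 192.168.0.0/16; 127.0.0.1; };

options {
    directory "/var/named";
    recursion yes;
    allow-recursion { internal; };   // recursion only for our own clients
    allow-query     { internal; };   // do not answer outsiders at all
    rate-limit { responses-per-second 5; };  // response rate limiting, BIND 9.10+
};

// Server 2 (separate named.conf on a separate host/address):
// authoritative only, reachable from the Internet.
options {
    directory "/var/named";
    recursion no;                    // never recurse, so there is nothing to amplify with
    allow-query { any; };            // answers for our own zones only
    rate-limit { responses-per-second 5; };
};

zone "example.com" {                 // assumed zone name
    type master;
    file "example.com.zone";
};
```

The two `options` blocks belong to two different named.conf files, one per server; they are shown together only for comparison. After reloading, `dig @<public-ip> google.com` from outside should return REFUSED on server 2, while queries for `example.com` are still answered. Server 1 should not be reachable from the Internet at all, so the firewall in front of it only passes port 53 from the internal ranges.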

Create a layer 7 filter that contains your site name (for instance example.com).
Add a filter rule to block incoming UDP packets to port 53 which do not contain the layer 7 rule created before.
You could also do that for TCP packets.
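The rules from the post as RouterOS commands. This is an added example, not configuration from the thread; it assumes a MikroTik router (which is what “layer 7 filter” and “filter rule” suggest), that the DNS server is the router itself (chain `input`), and an assumed zone name of example.com.

```routeros
# Added example; assumes MikroTik RouterOS and that DNS runs on the router itself.
/ip firewall layer7-protocol
# DNS carries names in wire format: each label is preceded by a length byte, so
# "example.com" is on the wire as "\x07example\x03com". An unescaped "." matches
# the 0x03 length byte; the pattern "example\.com" would never match a query.
add name=dns-our-zone regexp="example.com"

/ip firewall filter
add chain=input protocol=udp dst-port=53 layer7-protocol=dns-our-zone \
    action=accept comment="DNS/UDP queries that name our own zone"
add chain=input protocol=udp dst-port=53 action=drop \
    comment="drop every other DNS/UDP query (open-resolver abuse)"
add chain=input protocol=tcp dst-port=53 layer7-protocol=dns-our-zone \
    action=accept comment="same for DNS over TCP"
add chain=input protocol=tcp dst-port=53 action=drop
```

If the DNS server sits behind the router, use `chain=forward` with `dst-address=<server-ip>` instead of `chain=input`. Two things to check after applying it: the accept rules must sit above the drop rules (the list is evaluated top to bottom), and the regexp is a substring match, so a query for `example.com.attacker.invalid` or `notexample.com` also passes; the filter stops the router from being used as an open resolver, but queries that legitimately name the zone (including large `ANY` responses for it) still have to be handled by the server itself, for example with response rate limiting.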