hesaum
just joined
Topic Author
Posts: 22
Joined: Wed Jun 20, 2012 8:16 am

Defending DNS Amplification

Fri Jan 17, 2014 8:12 am

Hello,
Recently I had a "DNS Amplification Attack" on my public DNS. I used fail2ban to defend against this attack; it is good, but I want to stop the traffic at the firewall. How can I do that?

for info about DNS Amplification
http://blog.linuxjunkie.com/blog/2013/0 ... -isc-bind/

any suggestion...
Thanks
 
deejayq
Member Candidate
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: Defending DNS Amplification

Fri Jan 17, 2014 11:33 am

Well, you see, the answer is in the question: when you say you have a public DNS,
filter the traffic to allow requests from your clients only.
 
hesaum
just joined
Topic Author
Posts: 22
Joined: Wed Jun 20, 2012 8:16 am

Re: Defending DNS Amplification

Fri Jan 17, 2014 5:39 pm

Hi,
I have some web applications on the internet; I cannot allow internal clients only.
 
samsung172
Forum Guru
Posts: 1186
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway

Re: Defending DNS Amplification

Sat Jan 18, 2014 2:30 am

> Hi,
> I have some web applications on the internet; I cannot allow internal clients only.

Run 2 DNSs: one for your internal customers, recursive by an ACL, and one non-recursive, responding to your "outgoing" DNS.
 
deejayq
Member Candidate
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: Defending DNS Amplification

Sat Jan 18, 2014 7:10 pm

Create a layer 7 filter that contains your site name (for instance example.com).
Add a filter rule to block incoming UDP packets to port 53 which do not match the layer 7 rule created before.
You could also do that for TCP packets.
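What the layer 7 match in the post above approximates is a check on the queried name. The following is an added example, not code from the thread or from RouterOS: a Python function that parses the question section of a raw UDP DNS query and allows it only when the QNAME lies inside a zone the server is authoritative for, so that requests that would need recursion are dropped before they reach the resolver. The zone names are constructed placeholders, and unlike a substring regexp the check matches on the zone suffix, so a name such as "example.com.attacker.test" is not let through.

```python
import struct

# Zones this public DNS is authoritative for (constructed placeholder values).
AUTHORITATIVE_ZONES = ("example.com", "example.net")


def parse_question(payload: bytes):
    """Return (qname, qtype) from a raw DNS query, or None if it is malformed or not a query."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:  # QR bit set means a response, not a query
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a question name
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype = struct.unpack("!H", payload[pos:pos + 2])[0]
    return ".".join(labels), qtype


def is_allowed(payload: bytes) -> bool:
    """Allow only queries for names inside our own zones; everything else is dropped."""
    parsed = parse_question(payload)
    if parsed is None:
        return False
    qname, _ = parsed
    return any(qname == z or qname.endswith("." + z) for z in AUTHORITATIVE_ZONES)


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Construct a minimal DNS query packet (sample input built here for testing)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + qname + struct.pack("!HH", qtype, 1)
```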
