karo84
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

How To Limit Or Protect DNS Attacks

Wed Nov 14, 2007 9:09 pm

How to protect against DNS attacks? Thanks.
How to limit UDP port 53 by source address?

Thanks
 
sergejs
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: How To Limit Or Protect DNS Attacks

Wed Dec 05, 2007 9:59 am

You may use the firewall to filter packets destined to port 53:
chain=input to protect your router,
chain=forward to protect customers.
 
balimore
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Re: How To Limit Or Protect DNS Attacks

Wed Dec 05, 2007 2:55 pm

----
Hi friend,
yes, we allow private DNS only, and our clients can't use the ISP's DNS... nice :wink:
As sergejs suggested; I have been running it for 2 years.

regards
Hasbullah.com
----
 
karo84
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: How To Limit Or Protect DNS Attacks

Wed Dec 05, 2007 3:11 pm

Yes, I understand. I have firewall rules that are working fine, but I need to limit DNS requests somehow.
Sometimes I see that DNS does not work on my router (ROS 2.9.50); when I torch the interfaces, I see that one of my clients is attacking (a lot of requests to DNS UDP port 53). How can I solve this problem, or maybe you can give me a script that blocks such a client for a while?

Thanks
With regards, Karapet Aznavuryan
 
sergejs
MikroTik Support
Posts: 6616
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: How To Limit Or Protect DNS Attacks

Wed Dec 05, 2007 3:57 pm

Specify what exactly you want to block.

1) you may block all of this user's traffic sent through the router, by firewall chain=forward
2) you may block all of this user's traffic sent to the router, by firewall chain=input
3) you may block DNS traffic from this user sent through the router, by firewall chain=forward
4) you may block DNS traffic from this user sent to the router, by firewall chain=input
 
balimore
Forum Veteran
Posts: 892
Joined: Mon Apr 10, 2006 3:38 am

Re: How To Limit Or Protect DNS Attacks

Wed Dec 05, 2007 4:14 pm

----
Hi again,

No, I think it is enough without any scripts; I have 2 rules for it:
src-address=!my_isp_address_list protocol=udp action=drop port=53 chain=input
dst-address=!my_private_dns protocol=udp port=53 action=drop chain=forward

and I have other rules like that for central NTP (port=123) too.

regards
Hasbullah.com
----
> karo84 wrote:
> Yes, I understand. I have firewall rules that are working fine, but I need to limit DNS requests somehow.
> Sometimes I see that DNS does not work on my router (ROS 2.9.50); when I torch the interfaces, I see that one of my clients is attacking (a lot of requests to DNS UDP port 53). How can I solve this problem, or maybe you can give me a script that blocks such a client for a while?
>
> Thanks
> With regards, Karapet Aznavuryan
 
Chupaka
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: How To Limit Or Protect DNS Attacks

Wed Dec 05, 2007 5:10 pm

You may use the 'limit' filter in firewall rules to limit the packet rate,

or use a queue for DNS requests.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
hattmardy
just joined
Posts: 9
Joined: Sat Jun 10, 2006 7:49 pm

Re: How To Limit Or Protect DNS Attacks

Thu Dec 06, 2007 1:22 am

 
karo84
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: How To Limit Or Protect DNS Attacks

Thu Dec 06, 2007 1:59 am

Chupaka

Maybe you can give some examples of how to use the DNS limit?
I'll be very glad to see them.
Now I'm trying to limit them with the following:
/ip firewall filter
add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m,5 comment="limited dns" disabled=no
add chain=input action=accept dst-port=53 protocol=udp comment="allowed dns" disabled=no
I need something like that; can you help me?
 
Chupaka
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: How To Limit Or Protect DNS Attacks

Thu Dec 06, 2007 3:31 am

> karo84 wrote:
> Chupaka
>
> Maybe you can give some examples of how to use the DNS limit?
> I'll be very glad to see them.
> Now I'm trying to limit them with the following:
> /ip firewall filter
> add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m,5 comment="limited dns" disabled=no
> add chain=input action=accept dst-port=53 protocol=udp comment="allowed dns" disabled=no
> I need something like that; can you help me?

/ip firewall filter
add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m comment="limited dns" disabled=no
add chain=input action=drop dst-port=53 protocol=udp comment="all others go to hell" disabled=no
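Chupaka's two rules give the router one shared DNS budget (2400 packets per minute, i.e. 40 per second, written as `rate,burst` in the 2.9 syntax), so a single flooding client spends that budget for every other client as well. The rule set below is an added example, not Chupaka's or MikroTik's own configuration, showing the per-client variant karo84 asked for: each client gets its own rate, and a client that exceeds it is put on a timed address list and dropped for a while. It assumes RouterOS v6 syntax (the `dst-limit` matcher and `address-list-timeout`; v2.9 writes `limit` as `rate,burst` and may lack `dst-limit`), and the list name `dns_abusers`, the 50 packets per second, the burst of 20 and the 10-minute timeout are constructed values to tune against what torch shows for a normal client.

```routeros
/ip firewall filter
# Added example (RouterOS v6 syntax, not from the thread): per-client DNS rate
# limiting on the router's own resolver, with a temporary block for offenders.
# Order matters: rules are evaluated top to bottom.

# 1. Clients already flagged as abusers: drop their DNS packets outright.
add chain=input protocol=udp dst-port=53 src-address-list=dns_abusers \
    action=drop comment="DNS: drop clients on the temporary block list"

# 2. Per-client budget. dst-limit keys its counters on src+dst address and dst
#    port; dst address and port are fixed here (this router, udp/53), so the
#    key is effectively the client address. 50 pkt/s, burst 20 (assumed
#    values); an idle client's counter expires after 1m.
add chain=input protocol=udp dst-port=53 \
    dst-limit=50,20,addresses-and-dst-port/1m \
    action=accept comment="DNS: accept up to the per-client rate"

# 3. Anything reaching this rule is above its budget: flag the source for 10
#    minutes. add-src-to-address-list is a pass-through action, so the packet
#    continues to rule 4 and is dropped there.
add chain=input protocol=udp dst-port=53 \
    action=add-src-to-address-list address-list=dns_abusers \
    address-list-timeout=10m comment="DNS: flag client exceeding its rate"

# 4. Drop the excess (and, via rule 1, everything from flagged clients).
add chain=input protocol=udp dst-port=53 \
    action=drop comment="DNS: drop queries above the per-client rate"
```

Flagged clients and their remaining timeout can be listed with `/ip firewall address-list print where list=dns_abusers`. Because rule 2 counts per client, one flooding client no longer starves the others; the rate should sit with some headroom above a normal client's peak, otherwise busy but legitimate clients end up on the list.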
 
elsereturn
just joined
Posts: 1
Joined: Wed Jan 15, 2014 11:23 am

Re: How To Limit Or Protect DNS Attacks

Wed Jan 15, 2014 11:28 am

> karo84 wrote:
> Chupaka
>
> Maybe you can give some examples of how to use the DNS limit?
> I'll be very glad to see them.
> Now I'm trying to limit them with the following:
> /ip firewall filter
> add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m,5 comment="limited dns" disabled=no
> add chain=input action=accept dst-port=53 protocol=udp comment="allowed dns" disabled=no
> I need something like that; can you help me?

> Chupaka wrote:
> /ip firewall filter
> add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m comment="limited dns" disabled=no
> add chain=input action=drop dst-port=53 protocol=udp comment="all others go to hell" disabled=no

I registered to thank you, Chupaka! It really helps me.
 
kozmonov
newbie
Posts: 34
Joined: Mon Dec 19, 2011 1:14 am

Re: How To Limit Or Protect DNS Attacks

Sat Jul 05, 2014 8:07 pm

If using chain=forward, wouldn't that block customers' DNS queries if they decided to use a public DNS?

How might you implement protection from DNS attacks on customers' CPEs from the core router?
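kozmonov's concern is correct: balimore's forward rule (`dst-address=!my_private_dns ... action=drop`) discards every customer query that is not aimed at the private resolver, public DNS included. The rule set below is an added example, not from anyone in the thread, of protecting customers in chain=forward without that restriction: it throttles each client's queries per resolver instead of dropping them, and it drops unsolicited DNS replies arriving from upstream, which is what a reflection flood aimed at a customer's CPE looks like to the router (no query from that customer created the connection-tracking entry). Assumptions: RouterOS v6 syntax, connection tracking enabled, `ether1-wan` as the upstream interface name, and constructed rate and burst values.

```routeros
/ip firewall filter
# Added example (RouterOS v6 syntax, not from the thread): chain=forward rules
# that protect customers without forcing them onto a private resolver.
# ether1-wan is an assumed interface name; rates are constructed values.

# 1. A DNS reply from upstream that starts a new UDP "connection" had no
#    matching customer query, so nothing legitimate is waiting for it. That is
#    the shape of a reflection flood aimed at a CPE; drop it. Replies to real
#    queries are connection-state=established and never reach this rule.
add chain=forward in-interface=ether1-wan protocol=udp src-port=53 \
    connection-state=new action=drop \
    comment="DNS: drop unsolicited replies toward customers"

# 2. Customer queries to any resolver, public ones included, are accepted up
#    to 50 pkt/s with a burst of 20 per client-and-resolver pair (assumed
#    values); an idle pair's counter expires after 1m.
add chain=forward in-interface=!ether1-wan protocol=udp dst-port=53 \
    dst-limit=50,20,addresses-and-dst-port/1m \
    action=accept comment="DNS: accept customer queries within rate"

# 3. Excess queries are dropped; the client itself is not blocked, so normal
#    resolution resumes as soon as its rate falls back under the limit.
add chain=forward in-interface=!ether1-wan protocol=udp dst-port=53 \
    action=drop comment="DNS: drop customer queries above rate"
```

Two caveats. Rule 2 keys its counter on the client-and-resolver pair, so a client spraying queries across many resolvers gets a budget per resolver; a purely per-source key needs a `src-address` mode for `dst-limit`, which should be checked against the `dst-limit` help of the RouterOS version in use before relying on it. Rule 1 only matches replies sourced from port 53, so queries to a DNS server a customer hosts (destination port 53, random source port) are unaffected; it does, however, also drop queries from the rare legacy resolver that sends from source port 53, and such a resolver would need an accept rule placed ahead of it.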
