topic Re: How to prevent DNS flooding in Security e-Series

How to prevent DNS flooding

IPS_User — Thu, 01 Dec 2011 02:50:47 GMT

I found that many DNS queries coming from Internet is sent to my DNS server every minutes. Although they query the valid domain name, the hostname is a fake & random generated value or the query type is ANY.

However, those traffic did not trigger any attack filter, and I am use 600 N series IPS, would you please tell me how I can prevent this attack?

Re: How to prevent DNS flooding

cenk sasmaztin — Sun, 11 Dec 2011 19:07:38 GMT

please try

filter 1350,1351,1352,1353,1354,1355

Re: How to prevent DNS flooding

IPS_User — Wed, 14 Dec 2011 01:42:28 GMT

Thank you for your information, Cenk Sasmaztin!

All your mentioned filters are enabled, but no triggered.

Re: How to prevent DNS flooding

cenk sasmaztin — Thu, 15 Dec 2011 23:16:34 GMT

may be use snort rules for dns attack

download snort rules from snort web site and convert tipping point filter with dv converter tool

please watch my video

http://youtu.be/JatIvCv4zow