How To Protect DNS Attacks Thanks
UDP 53 port How To Limit By SRC address
Thanks
Re: How To Limit Or Protect DNS Atacks
You may use firewall to filter packets destined to 53 port.
chain=input to protect your router.
chain=forward to protect customers.
chain=input to protect your router.
chain=forward to protect customers.
Re: How To Limit Or Protect DNS Atacks
----
Hai fren
yes, we allowed private dns only, and our client can't use DNS's isp... nice
as sergejs's suggested, i run since 2 years ago.
regards
Hasbullah.com
----
Hai fren
yes, we allowed private dns only, and our client can't use DNS's isp... nice
as sergejs's suggested, i run since 2 years ago.
regards
Hasbullah.com
----
Re: How To Limit Or Protect DNS Atacks
Yes I understand I have firewall rules, that are working fine, but I need to limit DNS requests somehow.
Sometimes I see DNS does not work on my router (ROS 2.9.50), when I torch the interfaces, I see that someone from my clients attacks (DNS UDP port 53 a lot of requests). How can I solve this problem, or may be you can give any script blocking such client for a while ?
Thanks
With Regards Karapet Aznavuryan
Sometimes I see DNS does not work on my router (ROS 2.9.50), when I torch the interfaces, I see that someone from my clients attacks (DNS UDP port 53 a lot of requests). How can I solve this problem, or may be you can give any script blocking such client for a while ?
Thanks
With Regards Karapet Aznavuryan
Re: How To Limit Or Protect DNS Atacks
Specify to block what exactly.
1) you may block this user traffic sent over router at all by firewall chain=forward
2) you may block this user traffic sent to router at all by firewall chain=input
3) you may block DNS traffic from this user sent over router by firewall chain=forward
4) you may block DNS traffic from this user sent to router by firewall chain=input
1) you may block this user traffic sent over router at all by firewall chain=forward
2) you may block this user traffic sent to router at all by firewall chain=input
3) you may block DNS traffic from this user sent over router by firewall chain=forward
4) you may block DNS traffic from this user sent to router by firewall chain=input
Re: How To Limit Or Protect DNS Atacks
----
Hai again,
no, i think enough without any scripts and i had 2 rules about it.
src-address=!my_isp_address_list protocol=udp action=drop port=53 chain=input
dst-address=!my_private_dns protocol=udp port=53 action=drop chain=forward
and i have another rules like that for central ntp[port=123] too.
regards
Hasbullah.com
----
Hai again,
no, i think enough without any scripts and i had 2 rules about it.
src-address=!my_isp_address_list protocol=udp action=drop port=53 chain=input
dst-address=!my_private_dns protocol=udp port=53 action=drop chain=forward
and i have another rules like that for central ntp[port=123] too.
regards
Hasbullah.com
----
Yes I understand I have firewall rules, that are working fine, but I need to limit DNS requests somehow.
Sometimes I see DNS does not work on my router (ROS 2.9.50), when I torch the interfaces, I see that someone from my clients attacks (DNS UDP port 53 a lot of requests). How can I solve this problem, or may be you can give any script blocking such client for a while ?
Thanks
With Regards Karapet Aznavuryan
Re: How To Limit Or Protect DNS Atacks
you may use 'limit' filter in firewall rules to limit packet rate
or use queue for dns requests
or use queue for dns requests
Re: How To Limit Or Protect DNS Atacks
Chupaka
May Be You can give some examples, how to use dns limit?
I'll be very glad to see them,
Now I'm trying to limit them by the following
I need something like that, can You help me?
May Be You can give some examples, how to use dns limit?
I'll be very glad to see them,
Now I'm trying to limit them by the following
Code: Select all
/ip firewall filter
add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m,5 comment="limited dns" disabled=no
add chain=input action=accept dst-port=53 protocol=udp comment="allowed dns" disabled=no
Re: How To Limit Or Protect DNS Atacks
Chupaka
May Be You can give some examples, how to use dns limit?
I'll be very glad to see them,
Now I'm trying to limit them by the followingI need something like that, can You help me?Code: Select all/ip firewall filter add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m,5 comment="limited dns" disabled=no add chain=input action=accept dst-port=53 protocol=udp comment="allowed dns" disabled=no
Code: Select all
/ip firewall filter
add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m comment="limited dns" disabled=no
add chain=input action=drop dst-port=53 protocol=udp comment="all others go to hell" disabled=no
-
-
elsereturn
just joined
- Posts: 1
- Joined:
Re: How To Limit Or Protect DNS Atacks
I Registered to thank you Chupaka! It really helps me.Chupaka
May Be You can give some examples, how to use dns limit?
I'll be very glad to see them,
Now I'm trying to limit them by the followingI need something like that, can You help me?Code: Select all/ip firewall filter add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m,5 comment="limited dns" disabled=no add chain=input action=accept dst-port=53 protocol=udp comment="allowed dns" disabled=noCode: Select all/ip firewall filter add chain=input action=accept dst-port=53 protocol=udp limit=2400/1m comment="limited dns" disabled=no add chain=input action=drop dst-port=53 protocol=udp comment="all others go to hell" disabled=no
Re: How To Limit Or Protect DNS Atacks
If using chain=forward; wouldn't that block customers DNS queries if they decided to use a public DNS?
How might you implement protection from DNS attacks on customers CPE's from the Core Router?
How might you implement protection from DNS attacks on customers CPE's from the Core Router?