Port 53 DOS on 5505

Answered Question
Jul 12th, 2013

A friend has an ASA 5505 that is getting DOS'd primarily from a couple of IPs at port 53. The effect appears to be that the 5505 rebooted itself. For the short term I told him to turn off the logging for that rule, thinking that perhaps the massive amount of logging for all that deny activity is what caused the reboot, and I suggested putting in specific deny rules for the attacking IPs with no logging. Are there other actions that would help deal with this kind of attack? Thanks.

Correct Answer by Julio Carvajal about 4 years 1 month ago

Hello,


Tell your friend that you could configure some DDoS prevention actions on the firewall via the Modular Policy Framework (timeouts, maximum number of connections to a host or per host, etc.), but the real deal will be to go to the ISP and let them know what is going on... You want them to block that traffic at their circuit...


Why is that?


Because even if you block that traffic on your ASA, it has already taken bandwidth that real and legitimate traffic might want to use. Do you see the real problem here?



For Networking Posts check my blog at http://laguiadelnetworking.com/

Cheers,

Julio Carvajal Segura

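As an added example (not part of the original thread or of Julio's answer), here is what the two suggestions above look like in ASA configuration: explicit silent deny entries for the attacking sources placed ahead of the DNS rule, a rate limit on the deny syslog, and an MPF class that caps connections to the DNS server. The interface name, ACL and object names and all addresses (198.51.100.x as attackers, 203.0.113.5 as the DNS server) are assumptions. One caveat that matters for the reboot theory: on the ASA an ACE with no `log` keyword still generates syslog 106023 for every denied packet; only `log disable` suppresses it, and `logging rate-limit` caps how many of a given message ID the box will emit.

```cisco
! Added example, not from the original thread. Names and addresses are
! assumptions: outside interface "outside", DNS server 203.0.113.5,
! attacking sources 198.51.100.10 and 198.51.100.11.

! 1. Group the known attacking sources so the ACE stays short and can be
!    extended without touching the ACL again.
object-group network DNS_ATTACKERS
 network-object host 198.51.100.10
 network-object host 198.51.100.11

! 2. Silent drop, inserted at line 1 so it is evaluated before the DNS
!    permit. "log disable" is required: an ACE with no log keyword still
!    emits syslog 106023 per denied packet, which is what fills the log
!    queue and CPU during a flood.
access-list OUTSIDE_IN line 1 extended deny udp object-group DNS_ATTACKERS any eq domain log disable
access-list OUTSIDE_IN extended permit udp any host 203.0.113.5 eq domain
access-list OUTSIDE_IN extended deny ip any any
access-group OUTSIDE_IN in interface outside

! 3. Rate-limit the catch-all deny message so a source that is not yet in
!    the object group cannot swamp logging either: at most 100 x 106023
!    per second.
logging rate-limit 100 1 message 106023

! 4. MPF: cap total and per-client connections to the DNS server and
!    expire idle UDP "connections" quickly so the conn table is not
!    exhausted by spoofed sources. The numbers are assumptions; size them
!    to the real query rate of the server.
access-list DNS_TO_SERVER extended permit udp any host 203.0.113.5 eq domain
class-map DNS_SERVER_CLASS
 match access-list DNS_TO_SERVER
policy-map global_policy
 class DNS_SERVER_CLASS
  set connection conn-max 2000 per-client-max 20
  set connection timeout idle 0:01:00
service-policy global_policy global
```

To verify, `show access-list OUTSIDE_IN` shows per-ACE hit counts (the line-1 deny should be climbing, the permit should not be for those sources), `show service-policy flow udp host 198.51.100.10 host 203.0.113.5 eq 53` confirms which class a flow lands in, `show local-host 198.51.100.10` shows the per-client connection count against the limit, and `show logging` shows whether the log queue is still overflowing. None of this gives back the upstream bandwidth the flood consumes on the circuit, which is Julio's point: the ASA-side changes keep the box up, the ISP-side filter fixes the actual problem.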