We are receiving thousands of "Deny inbound UDP from x.x.x.x/53 to x.x.x.x/2713 due to DNS Response" per minute on our ASA 5510. All of the responses are destined to a signal one of our external IP's. This is overloading the our ASA and preventing traffic getting out to the Internet during these attacks. Anyone have any suggestions as to what we can do to mitigate this problem? Thanks
The Cisco TAC - Engineer we spoke to recommended we allow any any udp port 53 inbound to correct the problem. I don't see how allowing udp port 53 traffic into our network would solve the problem but it with stop the deny messages. Does this sound like a good idea?
If this really is an attack then allowing the traffic into your network is not the correct action!
How is the problem manifesting itself? If the outbound link is being saturated with traffic then talk to your ISP
If you think the volume of syslog messages on your ASA is causing a performance problem, then you can configure the message ID to appear at a higher syslog level so that it does not appear at your current logging level. Obviously this would be in effect for all messages of this type so you may not be aware of similar attacks taking place.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...