Cisco Support Community
New Member

Port 53 DOS on 5505

A friend has an ASA 5505 that is getting DOS'd primarily from a couple of IPs at port 53. The effect appears to be that the 5505 rebooted itself. For the short term I told him to turn off the logging for that rule, thinking that perhaps the massive amount of logging for all that deny activity is what caused the reboot. And I suggested to put in specific deny rules for the attacking IPs with no logging. Are there other actions that would help deal with this kind of attack? Thanks.

Accepted Solution

Port 53 DOS on 5505

Hello,

Tell your friend that you could configure some DDoS prevention actions on the firewall via the Modular Policy Framework (timeouts, maximum number of connections to a host or per host, etc.), but the real deal will be to go to the ISP and let them know what is going on... You want them to block that traffic at their circuit...

Why is that?

Because even if you block that traffic on your ASA, it has already taken bandwidth that real and legitimate traffic might want to use. Do you see the real problem here?

For Networking Posts check my blog at http://laguiadelnetworking.com/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
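Added example (not from Julio's post or from Cisco documentation): an ASA configuration sketch of the measures discussed in this thread, combining the original poster's non-logged explicit deny for the attacking sources with the MPF connection limits and timeouts the accepted answer mentions, plus a syslog rate limit so ACL denies cannot flood the log. The ACL, class-map and policy-map names, the thresholds, and the RFC 5737 addresses are assumed placeholders.

```text
! --- 1. Explicit deny for the known attacking sources, with logging disabled ---
! 192.0.2.10 / 192.0.2.11 stand in for the attacking IPs (RFC 5737 placeholders);
! 203.0.113.5 stands in for the public DNS server behind the ASA.
! Note: access-group replaces any ACL already bound inbound on "outside".
access-list OUTSIDE_IN extended deny udp host 192.0.2.10 any eq domain log disable
access-list OUTSIDE_IN extended deny udp host 192.0.2.11 any eq domain log disable
access-list OUTSIDE_IN extended permit udp any host 203.0.113.5 eq domain
access-group OUTSIDE_IN in interface outside
!
! --- 2. MPF limits for the DNS traffic that is still allowed ---
! per-client-max caps simultaneous connections from any single source IP;
! the short idle timeout expires stale UDP "connections" quickly.
! Both values are illustrative; size them for the real DNS client population.
access-list DNS_TRAFFIC extended permit udp any host 203.0.113.5 eq domain
class-map DNS_CLASS
 match access-list DNS_TRAFFIC
policy-map OUTSIDE_POLICY
 class DNS_CLASS
  set connection per-client-max 50
  set connection timeout idle 0:00:30
service-policy OUTSIDE_POLICY interface outside
!
! --- 3. Rate-limit the ACL-deny syslog (message 106023) rather than silencing it ---
! At most 100 of these messages every 10 seconds.
logging rate-limit 100 10 message 106023
!
! --- Verification ---
show access-list OUTSIDE_IN
show service-policy interface outside
show conn count
```

The hit counts in `show access-list` and the drop counters in `show service-policy` show whether the denies and the per-client limit are actually absorbing the flood; as the accepted answer notes, upstream filtering by the ISP is still the only thing that frees the circuit bandwidth.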
2 REPLIES

New Member

Port 53 DOS on 5505

Thanks much Julio!
