09-25-2013 01:34 PM - edited 03-11-2019 07:43 PM
Hi,
I am trying to block intrusion on DNS servers on an Internet edge FWSM. Usually during an event there are a lot of connections (limit is 1 million) to the DNS servers, which push FWSM memory and CPU to 100%. I have reduced the UDP idle time to 1 minute.
What are the other suggestions? I don't have IPS. The only defence is on the FWSM. Can I create a policy that would limit the number of connections from an outside source to, say, for example 500?
Any other suggestions?
Thanks
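An added example of the kind of per-client connection limit and DNS inspection being asked about, written in Modular Policy Framework (MPF) syntax as used on FWSM 3.2+ and ASA. This is not configuration from the original thread or from Cisco; the server address 203.0.113.10, the object and class names, and the limits are placeholders chosen for illustration, and the exact command support (notably `set connection per-client-max`) should be checked against the FWSM release in use.

```cisco
! Constructed example: match UDP/53 traffic arriving from the outside
! toward the public DNS server (203.0.113.10 is a placeholder address)
access-list DNS_INBOUND extended permit udp any host 203.0.113.10 eq domain

class-map DNS_CLASS
 match access-list DNS_INBOUND

policy-map DNS_POLICY
 class DNS_CLASS
  ! Cap the number of simultaneous connections any single client
  ! (source IP) may hold; the 500 here mirrors the value in the question
  set connection per-client-max 500
  ! Limit the total connection count for the DNS class as a whole
  set connection conn-max 100000
  ! Enable DNS inspection and drop oversized DNS messages; 512 bytes is
  ! the classic UDP DNS maximum (raise it if the servers use EDNS0)
  inspect dns maximum-length 512

! Apply the policy on the Internet-facing interface
service-policy DNS_POLICY interface outside

! Global UDP idle timeout reduced to one minute, as already done in the question
timeout udp 0:01:00
```

Two caveats a practitioner should keep in mind: a per-client limit only helps against sources that actually reuse a small set of IP addresses, so a flood of spoofed UDP sources will still create one connection entry per packet until each times out, and DNS inspection closes the connection as soon as the reply is seen (the DNS guard behaviour), which is what reduces the table pressure in the first place. Watch `show conn count`, `show cpu usage` and `show memory` during an event to confirm the limits are having the intended effect rather than just shifting the load.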
09-26-2013 02:17 PM
Hi Fawad,
Check the below link. It may give some idea...
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml
Thx
MS
09-26-2013 06:22 PM
hi
If you have configured NetFlow, check the flow; enable DNS inspection and DNS guard...
you can refer http://www.cisco.com/web/about/security/intelligence/dns-bcp.html
Thanks
Pranesh