
Prevent attacks on DNS Server on ASA/FWSM

S891
Level 2

Hi,

I am trying to block intrusion on DNS servers on Internet edge FWSM. Usually during an event there are a lot of (limit is 1 million) connections on DNS servers, which trigger FWSM memory and CPU to 100%. I have reduced UDP idle time to 1 minute.

What are other suggestions? I don't have IPS. The only defence is on FWSM. Can I create a policy that would limit the number of connections from an outside source to say, for example, 500?

Any other suggestions?

Thanks

2 Replies

mvsheik123
Level 7

Hi Fawad,

Check the below link. It may give some idea...

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml

Thx

MS

Hi,

If you configured NetFlow, check the flow; enable DNS inspection and DNS guard...

You can refer to http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

Thanks

Pranesh
