SRX Services Gateway

A lot of DNS requests from one source.

‎05-05-2014 03:15 AM

Hi Juniper team,

We faced a UDP attack on our DNS servers behind the SRX5800.
For example: from one source IP our DNS server gets a lot of URL requests (about 100-1000 pps per session). So, could we use udp-sweep protection in this case?

http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/configuration-statement/security-ed...

 

Regards,

Konstantin


Re: A lot of DNS requests from one source.

‎05-05-2014 04:25 AM

Hello Konstantin

 

You need to block the traffic even before the flow.

If it is an unknown IP, then you could create a filter and block traffic from it.

 

Sample terms for firewall filter:

/* drop everything from the listed source addresses */
term block-traffic {
    from {
        source-address {
            <attacker-addresses>;
        }
    }
    then {
        discard;
    }
}

/* accept all remaining traffic */
term default {
    then {
        accept;
    }
}

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!

Re: A lot of DNS requests from one source.

‎05-05-2014 04:56 AM

Hi Raveen,

Thank you for the response. But the major problem is that the source IP addresses can be different and change.

 

Regards,

Konstantin
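
Added example, not part of the original thread and not Juniper code: since the sources change, the address list for the block-traffic term above can be regenerated from recent DNS query logs by measuring each source's peak queries per second. The log format, the sample lines, the function names and the 100 pps threshold (the low end of the rate quoted in the question) are assumptions.

```python
"""Find per-source DNS query bursts and fill in the filter's source-address list."""
import ipaddress
from collections import Counter

PPS_THRESHOLD = 100  # assumption: low end of the 100-1000 pps quoted in the question

def peak_pps(lines):
    """Return {source_ip: highest query count seen in any one-second bucket}."""
    buckets = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 2:
            continue  # too short to hold a timestamp and an address
        try:
            second = int(float(fields[0]))
            src = str(ipaddress.ip_address(fields[1]))
        except ValueError:
            continue  # malformed timestamp or address
        buckets[(src, second)] += 1
    peaks = {}
    for (src, _), count in buckets.items():
        peaks[src] = max(peaks.get(src, 0), count)
    return peaks

def heavy_sources(lines, threshold=PPS_THRESHOLD):
    """Sources whose peak rate meets the threshold, in numeric address order."""
    hits = [ip for ip, pps in peak_pps(lines).items() if pps >= threshold]
    return sorted(hits, key=lambda ip: int(ipaddress.ip_address(ip)))

def render_term(sources):
    """Render the thread's block-traffic term with host prefixes filled in."""
    addrs = "".join(
        f"            {ip}/{ipaddress.ip_address(ip).max_prefixlen};\n" for ip in sources
    )
    return ("term block-traffic {\n    from {\n        source-address {\n"
            + addrs + "        }\n    }\n    then {\n        discard;\n    }\n}\n")

# Constructed sample log, one query per line: "<epoch-seconds> <source-ip> <qname>"
SAMPLE = (
    [f"{1000 + i / 300:.4f} 198.51.100.7 a{i}.example.com" for i in range(300)]
    + [f"{1001 + i / 150:.4f} 203.0.113.9 b{i}.example.com" for i in range(150)]
    + [f"{1000 + i}.5 192.0.2.10 www.example.com" for i in range(3)]
    + ["garbage line"]
)

if __name__ == "__main__":
    print(render_term(heavy_sources(SAMPLE)))
```

UDP source addresses can be spoofed, so the generated list should be reviewed before it is loaded into a filter.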
