Hi,

It is a common problem and can best be prevented by configuring your DNS server to limit recursion (lookup requests for non-local or non-authoritative domains) to the internal network and trusted Internet IP addresses only. All other solutions may just delay or limit normal DNS server responses. Most DNS server software does that very simply, and if it is an internal machine doing this, block UDP/TCP requests to port 53 from that address to your server using pf until resolved.
Regards
Torsten

-----Original Message-----
From: owner-freebsd...@freebsd.org [mailto:owner-freebsd...@freebsd.org] On Behalf Of Kevin
Sent: 14 July 2009 23:56
To: freebsd-pf@freebsd.org
Subject: PF + ALT QUEUE for DDOS DNS attack

Greetings,

I am currently attempting to mitigate a DDoS attack on our network that is comprised mainly of bogus DNS requests. The attacks seem to be coming in waves of DNS queries on our internal systems. I have tried several different ways of mitigating this, one of which is to queue the DNS traffic via PF + ALTQ. I have attempted to limit the DNS traffic to the particular host that is being attacked. However, this doesn't seem to be very effective, as the nature of a DDoS attack means that the queries being made are fairly simple and straightforward.

I was hoping to get some tips / tricks from people who have encountered similar scenarios. My firewall is (obviously) PF.

FreeBSD specific information:

FreeBSD fw 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #4: Tue Dec 16 13:00:03 EST 2008 f...@fw:/usr/obj/usr/src/sys/FW i386

I'm looking for tips / tricks as far as what I can do on the firewall level, of course. Any help is greatly appreciated! :)

~kevin

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
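Torsten's two suggestions (restrict recursion to trusted clients, and block an internal machine's port 53 traffic in pf until it is cleaned up) both depend on knowing which client is actually generating the flood. The following is an added example, not code from Torsten, Kevin or the FreeBSD project: a POSIX shell function that reads BIND-style query-log lines (the line format is assumed, and the sample lines are constructed) and prints each client that sent at least N recursion-desired queries for names outside the zones the server is authoritative for. The output is meant to be fed to a pf table; the table name `dns_abusers` and the `$dns_srv` macro in the comments are assumptions, not something from the thread.

```shell
#!/bin/sh
# Added example, not code from either poster: find clients that send many
# recursion-desired queries for names outside the zones this server is
# authoritative for, from BIND-style query-log lines, and print one address
# per line. The assumed (classic BIND 9 "query" category) line format is:
#   <date> <time> client <ip>#<port>: query: <name> IN <type> <flags> (<server ip>)
# where a leading "+" in <flags> means the client asked for recursion.
# On the pf side the addresses are intended for a table declared in pf.conf as
#   table <dns_abusers> persist
#   block in quick proto { tcp, udp } from <dns_abusers> to $dns_srv port 53
# and loaded at runtime with:  pfctl -t dns_abusers -T add <addr>
# (table name and the $dns_srv macro are assumptions, not from the thread).

# Constructed sample log: 10.0.0.77 hammers the resolver with lookups for a
# domain we do not serve; 10.0.0.5 queries our own zone; 10.0.0.8 makes one
# legitimate recursive lookup; 198.51.100.9 sends a non-recursive query.
SAMPLE_LOG="14-Jul-2009 23:50:01.101 client 10.0.0.5#4133: query: www.example.com IN A + (192.0.2.53)
14-Jul-2009 23:50:01.102 client 10.0.0.5#4134: query: mail.example.com IN MX + (192.0.2.53)
14-Jul-2009 23:50:01.103 client 10.0.0.77#1025: query: a1.flood-test.invalid IN A + (192.0.2.53)
14-Jul-2009 23:50:01.104 client 10.0.0.77#1026: query: a2.flood-test.invalid IN A + (192.0.2.53)
14-Jul-2009 23:50:01.105 client 10.0.0.77#1027: query: a3.flood-test.invalid IN A + (192.0.2.53)
14-Jul-2009 23:50:01.106 client 10.0.0.77#1028: query: a4.flood-test.invalid IN A + (192.0.2.53)
14-Jul-2009 23:50:01.107 client 198.51.100.9#53: query: ns.example.com IN A - (192.0.2.53)
14-Jul-2009 23:50:01.108 client 10.0.0.8#2000: query: www.freebsd.org IN A + (192.0.2.53)"

# find_recursive_abusers <authoritative-zone ERE> <threshold>
# Reads log lines on stdin; prints, sorted, every client address that sent at
# least <threshold> recursive queries for names NOT matching the zone regex.
find_recursive_abusers() {
    zones="$1"
    threshold="$2"
    awk -v zones="$zones" -v thr="$threshold" '
        /: query: / {
            ip = ""; name = ""; flags = ""
            for (i = 1; i <= NF; i++) {
                # "client 10.0.0.77#1025:" -> keep only the address part
                if ($i == "client") { ip = $(i + 1); sub(/#.*/, "", ip) }
                # "query: <name> IN <type> <flags>" -> name and flags fields
                if ($i == "query:") { name = tolower($(i + 1)); flags = $(i + 4) }
            }
            if (ip == "" || name == "") next
            # Queries without the recursion-desired flag are not our concern here.
            if (substr(flags, 1, 1) != "+") next
            # Names inside our own zones are legitimate authoritative lookups.
            if (name ~ zones) next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= thr) print ip }
    ' | sort
}

# Usage: flag anything with 3 or more offending queries, treating example.com
# as the (assumed) zone we are authoritative for. Prints 10.0.0.77.
printf '%s\n' "$SAMPLE_LOG" | find_recursive_abusers '(^|[.])example[.]com$' 3
```

The zone pattern uses bracket expressions (`[.]`) rather than backslash escapes so it survives being passed through `awk -v` unchanged. In practice the threshold should be chosen against a time window (run the function over the last minute of the log from cron), and any address it reports that is inside the internal network is exactly the "internal machine doing this" case in the reply: block it at pf and go look at the host.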