09-25-2013 01:34 PM - edited 03-11-2019 07:43 PM
Hi,
I am trying to block intrusion on DNS servers on Internet edge FWSM. Usually during an event there are a lot of (limit is 1 million) connections on DNS servers which trigger FWSM mem and CPU to 100%. I have reduced UDP idle time to 1 minute.
What are other suggestions? I don't have IPS. The only defence is on FWSM. Can I create a policy that would limit number of connections from an outside source to say for example 500?
Any other suggestions?
Thanks
09-26-2013 02:17 PM
Hi Fawad,
Check the below link. It may give some idea...
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml
Thx
MS
09-26-2013 06:22 PM
Hi,
If you configured NetFlow, check the flow, enable DNS inspection and DNS guard...
You can refer to http://www.cisco.com/web/about/security/intelligence/dns-bcp.html
Thanks
Pranesh