
Rate limit incoming DNS Queries?


So we've got a 3725 with the ADVSECURITY IOS, and I've been asked to look at something I'm unfamiliar with.  Perhaps you guys would know.

Is there a way I can rate-limit incoming packets (DNS Queries to be exact, but it shouldn't really matter) coming from any single host? 

So for instance... host can freely request DNS information.... but if they do it more than x times in a second they're probably up to no good, and thus we just start dropping y% of requests from that IP.  I'm certain this can be done in the DNS server itself, but we'd like to cut this kind of stuff off before it ever makes it that far.

And again, just to be clear, we're not working with a blacklist here... we're looking for a simple rule that will just drop packets from any sufficiently noisy address (we're a low enough volume site that it's easy to draw the line between "sensible" and "not", so that won't be a problem).

any ideas?

0 Replies 0
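The rule the post asks for (count queries per source address in a one-second window, and once a source passes x queries per second start dropping y% of its requests) is easy to state precisely, and worth seeing as code before deciding where to enforce it. The script below is an added illustration, not part of the original post and not Cisco IOS configuration: it models the per-host rule in Python over a constructed DNS query log. The log lines, the addresses, and the thresholds (5 queries/second, 50% drop) are all made up for the example. One caveat on the original question: the standard IOS class-based policer (a `police` statement under a class in a `policy-map`) meters the matched class as a whole rather than each source host, so a per-source rule of this shape is normally applied on the DNS server or on a filter that keeps state per client address.

```python
from collections import defaultdict, deque


class PerSourceLimiter:
    """Allow up to max_per_second queries from each source address within any
    one-second sliding window; once a source is over the limit, drop
    drop_percent of its further queries in that window."""

    def __init__(self, max_per_second: int, drop_percent: int):
        self.max_per_second = max_per_second
        self.drop_percent = drop_percent
        self.windows = defaultdict(deque)    # src_ip -> arrival times in the last second
        self.excess_seen = defaultdict(int)  # src_ip -> how many over-limit queries so far

    def decide(self, src_ip: str, ts: float) -> bool:
        """Return True to forward the query, False to drop it."""
        window = self.windows[src_ip]
        # Expire arrivals older than one second from this source.
        while window and ts - window[0] >= 1.0:
            window.popleft()
        window.append(ts)  # the packet arrived whether or not we keep it
        if len(window) <= self.max_per_second:
            return True
        # Over the limit: drop drop_percent of the excess deterministically,
        # i.e. drop the i-th excess packet whenever the cumulative share
        # floor((i+1)*p/100) steps past floor(i*p/100).
        i = self.excess_seen[src_ip]
        self.excess_seen[src_ip] += 1
        p = self.drop_percent
        drop = ((i + 1) * p) // 100 > (i * p) // 100
        return not drop


# Constructed sample log, one "<seconds> <source-ip> <query-name>" per line.
# 10.0.0.5 bursts 12 queries in just over half a second, goes quiet, then
# sends one more; 10.0.0.9 sends three well-spaced queries.
SAMPLE_LOG = """\
0.00 10.0.0.5 www.example.com
0.05 10.0.0.5 mail.example.com
0.10 10.0.0.9 www.example.com
0.10 10.0.0.5 ns1.example.com
0.15 10.0.0.5 a.example.com
0.20 10.0.0.5 b.example.com
0.25 10.0.0.5 c.example.com
0.30 10.0.0.5 d.example.com
0.35 10.0.0.5 e.example.com
0.40 10.0.0.5 f.example.com
0.45 10.0.0.5 g.example.com
0.50 10.0.0.9 mail.example.com
0.50 10.0.0.5 h.example.com
0.55 10.0.0.5 i.example.com
0.90 10.0.0.9 ns1.example.com
1.60 10.0.0.5 www.example.com
"""


def run(log_text: str, max_per_second: int, drop_percent: int) -> dict:
    """Replay a time-ordered log through the limiter and return, per source,
    a (forwarded, dropped) tuple."""
    limiter = PerSourceLimiter(max_per_second, drop_percent)
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _qname = line.split()
        forwarded = limiter.decide(src, float(ts))
        stats[src][0 if forwarded else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}


if __name__ == "__main__":
    for src, (fwd, dropped) in sorted(run(SAMPLE_LOG, 5, 50).items()):
        print(f"{src}: forwarded={fwd} dropped={dropped}")
```

With a limit of 5 queries per second and a 50% drop rate, 10.0.0.5 gets its first five queries through, loses every other one of the seven that follow in the same second, and is forwarded again once its window has emptied at 1.60 s; 10.0.0.9 never reaches the threshold and is untouched. Setting the drop rate to 100 turns the same rule into a hard per-source cap.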