Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
926
Views
0
Helpful
0
Replies

Rate limit incoming DNS Queries?

thegreattriscuit
Level 1
Level 1

‎10-29-2012 08:06 PM - edited ‎03-04-2019 06:00 PM

So we've got a 3725 with the ADVSECURITY IOS, and I've been asked to look at something i'm unfamiliar with.  Perhaps you guys would know.

Is there a way I can rate-limit incoming packets (DNS Queries to be exact, but it shouldn't really matter) coming from any single host? 

So for instance... host 1.1.1.1 can freely request DNS information.... but if they do it more than x times in a second they're probably up to no good, and thus we just start dropping y% of requests from that IP.  I'm certain this can be done in the DNS server itself, but we'd like to cut this kind of stuff off before it ever makes it that far.

And again, just to be clear, we're not working with a blacklist here... we're looking for a simple rule that will just drop packets from any sufficiently noisey address (we're a low enough volume site that it's easy to draw the line between "sensible" and "not", so that won't be a problem).

any ideas?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card