North American Network Operators Group


Re: Summary with further Question: Domain Name System protection

  • From: sthaug
  • Date: Tue Aug 17 09:50:26 2004

> What I'm not sure about ACL on router is, how to
> survive DNS server under DoS/DDoS attack. We suffered
> from a DoS attack last year, and we found the source IPs
> of that attack were located in our customers' IP address
> blocks. ACL on router could only filter that traffic
> not meaningful to DNS server, but how about those DDoS
> attacking packets?

Your router can presumably rate limit the traffic towards the name
server to a level the name server can handle. On the name server
you can perform further rate limiting on an IP address basis, with
for instance FreeBSD ipfw.

Steinar Haug, Nethelp consulting, [email protected]
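
The per-source limiting on the name server mentioned in the reply above, as an added example that is not part of the original message. The name server address (a documentation address), the rule and pipe numbers, the bandwidth and queue figures and the function name are assumptions; the function only prints ipfw/dummynet commands and executes nothing itself.

```shell
#!/bin/sh
# Added example, not from the original post: emit ipfw/dummynet rules that
# cap DNS traffic per source IP on a FreeBSD name server. All numbers here
# (rule 5300/5310, pipe 53, queue 20, limit 5) are illustrative assumptions.

# dns_ratelimit_rules NS_IP PER_SRC_BW
#   NS_IP       IPv4 address of the name server, e.g. 192.0.2.53
#   PER_SRC_BW  bandwidth allowed per client address, e.g. 64Kbit/s
# Prints one ipfw command per line; returns 1 on malformed input.
dns_ratelimit_rules() {
    ns_ip=$1
    per_src_bw=$2

    # The output is meant to be fed to a shell, so reject anything that
    # is not a plain dotted address or a plain <digits>{K,M}bit/s value.
    case $ns_ip in
        ''|*[!0-9.]*) echo "bad name server address: $ns_ip" >&2; return 1 ;;
    esac
    num=${per_src_bw%[KM]bit/s}
    case $num in
        ''|*[!0-9]*) echo "bad bandwidth: $per_src_bw" >&2; return 1 ;;
    esac
    [ "$num" != "$per_src_bw" ] || { echo "bad bandwidth: $per_src_bw" >&2; return 1; }

    # "mask src-ip 0xffffffff" makes dummynet create a separate pipe
    # instance for every source address, so a flooding client fills only
    # its own queue and its excess packets are dropped there.
    echo "ipfw pipe 53 config bw $per_src_bw queue 20 mask src-ip 0xffffffff"

    # Inbound UDP queries to the name server pass through the per-source pipe.
    echo "ipfw add 5300 pipe 53 udp from any to $ns_ip 53 in"

    # DNS over TCP: cap the number of concurrent connections per source.
    echo "ipfw add 5310 allow tcp from any to $ns_ip 53 setup limit src-addr 5"
}

# Review the output first, then apply as root on the name server, e.g.:
#   dns_ratelimit_rules 192.0.2.53 64Kbit/s | sh
```

The aggregate limit towards the name server still belongs on the router, as the reply says; these rules only keep a single source from consuming the whole allowance that reaches the host.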