Netgate Discussion Forum

DDOS Attack port 53 Router Only Setup

Firewalling
4 Posts 4 Posters 1.5k Views
dangbird, Aug 1, 2014, 4:29 PM (last edited Aug 1, 2014, 6:53 PM)

Hello all pfSense Pros…

I am getting DDoS attacked. I have a setup of Comcast Metro Fiber -> Comcast Ciena Switch -> pfSense -> My WAN Usable IPs.
I have my pfSense Firewall Features Disabled (Router Only Platform). Are there any options to stop the ACKs from going back from a DNS 53 SYN Flood?

Again, with router only. Unless I can get the same functionality of Router Only but Enable Firewall rules.

OR can I still have the Firewall Enabled, Disable NAT / have the router work the same as it does in Router Only Mode but with the Firewall?
Ignorance is bliss, except in this case.

Harvy66, Aug 5, 2014, 12:09 PM

DNS flood is UDP, so no "ACKs". Do you mean a UDP reply? If your DNS server is replying, you may need to configure it not to.

You can set up pfSense as a "transparent firewall". I have not done this myself, but that's the term to look for.

mikeisfly, Aug 8, 2014, 8:59 AM
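Harvy66's point (a DNS flood is UDP, so the only thing pfSense would be "sending back" is the DNS server's own replies) raises the practical question of what the traffic on the WAN side actually looks like and whether the server is amplifying it. The following is an added example, not code from this thread or from pfSense: a small Python script that parses tcpdump-style UDP/53 lines, measures the peak per-source query rate inside a one-second window and the reply-to-query byte ratio per client, and emits pfctl table commands for the sources above a threshold. The sample capture, the server address 192.0.2.10, the limit of 20 queries per second and the table name dns_abusers are all constructed or assumed for the illustration.

```python
import re
from collections import defaultdict

# Regex for tcpdump-style UDP lines (the constructed sample below follows this shape):
#   HH:MM:SS.ffffff IP src.port > dst.port: <dns text> (len)
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.(?P<us>\d{6}) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): .*\((?P<len>\d+)\)$"
)

DNS_SERVER = "192.0.2.10"   # assumed address of the DNS server behind pfSense (not from the thread)


def parse_line(line):
    """Return a dict with timestamp, endpoints and length, or None for a non-matching line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    seconds = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]) + int(m["us"]) / 1e6
    return {"t": seconds, "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "len": int(m["len"])}


def analyze(lines, server=DNS_SERVER, window=1.0, qps_limit=20):
    """Per-source peak query rate (sliding window) and reply/query byte ratio.

    Returns {"flooders": {src: peak_qps}, "amplification": {src: bytes_out/bytes_in},
             "bytes_out": {client: bytes}}.
    """
    queries_in = defaultdict(list)   # client -> timestamps of queries to server:53
    bytes_in = defaultdict(int)      # client -> query bytes received
    bytes_out = defaultdict(int)     # client -> reply bytes the server sent back
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        if p["dst"] == server and p["dport"] == 53:
            queries_in[p["src"]].append(p["t"])
            bytes_in[p["src"]] += p["len"]
        elif p["src"] == server and p["sport"] == 53:
            bytes_out[p["dst"]] += p["len"]

    flooders = {}
    for src, ts in queries_in.items():
        ts.sort()
        peak, j = 0, 0
        for i in range(len(ts)):           # advance j so ts[j..i] fits in one window
            while ts[i] - ts[j] > window:
                j += 1
            peak = max(peak, i - j + 1)
        if peak > qps_limit:
            flooders[src] = peak

    amplification = {src: bytes_out[src] / bytes_in[src] for src in queries_in if bytes_in[src]}
    return {"flooders": flooders, "amplification": amplification, "bytes_out": dict(bytes_out)}


def pfctl_commands(flooders, table="dns_abusers"):
    """pf table entries for the flagged sources; only take effect while pf is enabled."""
    return [f"pfctl -t {table} -T add {src}" for src in sorted(flooders)]


def constructed_capture():
    """Constructed sample, not a real capture: one source firing 50 ANY queries in half a
    second, each answered with a 512-byte reply, plus three ordinary A lookups from another client."""
    lines = []
    for i in range(50):
        us = i * 10000
        lines.append(f"12:00:00.{us:06d} IP 198.51.100.7.{40000 + i} > {DNS_SERVER}.53: "
                     f"{i}+ ANY? example.net. (36)")
        lines.append(f"12:00:00.{us + 500:06d} IP {DNS_SERVER}.53 > 198.51.100.7.{40000 + i}: "
                     f"{i} 10/0/0 A ... (512)")
    for i, sec in enumerate((1, 3, 5)):
        lines.append(f"12:00:{sec:02d}.000000 IP 203.0.113.5.{50000 + i} > {DNS_SERVER}.53: "
                     f"{100 + i}+ A? www.example.com. (33)")
        lines.append(f"12:00:{sec:02d}.000400 IP {DNS_SERVER}.53 > 203.0.113.5.{50000 + i}: "
                     f"{100 + i} 1/0/0 A 192.0.2.80 (49)")
    return lines


if __name__ == "__main__":
    result = analyze(constructed_capture())
    for src, peak in result["flooders"].items():
        print(f"{src}: peak {peak} queries/s, reply/query bytes x{result['amplification'][src]:.1f}")
    print("\n".join(pfctl_commands(result["flooders"])))
```

Two caveats a practitioner should keep in mind. The pfctl commands only do something while pf is running: pfSense's router-only behaviour comes from the "Disable all packet filtering" option under System > Advanced > Firewall & NAT, and with that set the table is never consulted (the equivalent routing setup with filtering available is an enabled firewall, outbound NAT disabled, and explicit pass rules). And if the query sources are spoofed, the addresses this flags are the reflection victims rather than the attacker, which is why upstream filtering by the ISP and response rate limiting on the DNS server itself matter more than a block list on the edge.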

        I would also contact Comcast and see if they can stop the offending IP address(es) upstream so your router/firewall doesn't see the traffic.

Cmellons, Aug 8, 2014, 8:33 PM

@mikeisfly:

I would also contact Comcast and see if they can stop the offending IP address(es) upstream so your router/firewall doesn't see the traffic.

Also, Comcast will have to contact every ISP upstream to the point where the activity is originating to actually stop it. Meaning that it happens way before it gets to your ISP in most cases. I just read a couple of good articles on it from Cisco's website.

The first one is a very long read, just to warn you.

http://www.cisco.com/c/en/us/products/collateral/security/traffic-anomaly-detector-xt-5600a/prod_white_paper0900aecd8011e927.pdf

This one discusses even more prevention and mitigation methods.

http://www.cisco.com/c/en/us/support/docs/security-vpn/kerberos/13634-newsflash.html

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.