DDOS Attack port 53 Router Only Setup
-
Hello all PFSense Pros…
I am getting DDoS attacked. I have a setup of Comcast Metro Fiber -> Comcast Ciena Switch -> PFSENSE -> My WAN usable IPs.
I have my PFSENSE firewall features disabled (Router Only platform). Are there any options to stop the ACKs from going back from a DNS 53 SYN flood? Again, with router only, unless I can get the same functionality as Router Only but enable firewall rules.
OR can I still have the firewall enabled, disable NAT, and have the router work the same as it does in Router Only mode but with the firewall?
Ignorance is bliss except in this case.
-
DNS flood is UDP, so no "ACKs". Do you mean a UDP reply? If your DNS server is replying, you may need to configure it not to.
You can set up PFSense as a "transparent firewall". I have not done this myself, but that's the term to look for.
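As an added illustration of the reply above (this is not code from the thread or from the pfSense project), the script below takes simplified per-packet records, finds which sources are flooding UDP/53, counts the replies the DNS server sends back (the traffic the original poster wants to suppress), and renders pf "block in quick" rules for the flagged sources. The traffic, the addresses (documentation ranges, with 192.0.2.10 standing in for the DNS server) and the WAN interface name em0 are all constructed assumptions; the record layout is deliberately simpler than pfSense's own filterlog format.

```python
"""Flag UDP/53 flood sources from per-packet records and show the matching pf rules."""
from collections import defaultdict

DNS_SERVER = "192.0.2.10"   # constructed: the host answering on UDP/53
WAN_IF = "em0"              # assumption: pfSense WAN interface name


def build_sample_records():
    """Constructed traffic: one flooding source, one normal client, and the
    server's replies. Each record is (ts, src, dst, proto, sport, dport)."""
    records = []
    # Flooder: 2000 queries over 10 s, cycling through source ports.
    for i in range(2000):
        records.append((i / 200, "203.0.113.7", DNS_SERVER, "udp", 1024 + i % 60000, 53))
    # Normal client: one query every half second.
    for i in range(20):
        records.append((i * 0.5, "198.51.100.5", DNS_SERVER, "udp", 40000 + i, 53))
    # The server answers every query it sees: this is the return traffic
    # the poster asked how to stop.
    replies = [(ts + 0.001, dst, src, proto, dport, sport)
               for (ts, src, dst, proto, sport, dport) in records]
    return sorted(records + replies)


def peak_qps_per_source(records, server=DNS_SERVER):
    """Count inbound queries per source in one-second buckets; return each
    source's busiest second."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, proto, sport, dport in records:
        if proto == "udp" and dst == server and dport == 53:
            buckets[src][int(ts)] += 1
    return {src: max(per_sec.values()) for src, per_sec in buckets.items()}


def flood_sources(records, threshold_qps=100):
    """Sources whose peak one-second query rate exceeds the threshold."""
    return {src: qps for src, qps in peak_qps_per_source(records).items()
            if qps > threshold_qps}


def reply_count(records, server=DNS_SERVER):
    """Outbound UDP packets leaving port 53 on the server: the replies that
    double the bandwidth cost of the flood."""
    return sum(1 for ts, src, dst, proto, sport, dport in records
               if proto == "udp" and src == server and sport == 53)


def pf_block_rules(offenders, server=DNS_SERVER, iface=WAN_IF):
    """Render pf rules that drop the queries on the way in; once the query
    never reaches the server, no reply is generated either."""
    return [f"block in quick on {iface} proto udp from {src} to {server} port 53"
            for src in sorted(offenders)]


if __name__ == "__main__":
    recs = build_sample_records()
    print("peak qps per source:", peak_qps_per_source(recs))
    print("flood sources:", flood_sources(recs))
    print("replies sent by server:", reply_count(recs))
    for rule in pf_block_rules(flood_sources(recs)):
        print(rule)
```

Blocking by source address only helps against a few fixed senders; a flood with spoofed sources needs the upstream filtering the other replies mention, or a DNS server configured not to answer (for example, response rate limiting) so that the reply half of the traffic disappears regardless of where the queries come from.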
-
I would also contact Comcast and see if they can stop the offending IP address(es) upstream so your router/firewall doesn't see the traffic.
-
I would also contact Comcast and see if they can stop the offending IP address(es) upstream so your router/firewall doesn't see the traffic.
Also, Comcast will have to contact every ISP upstream to the point where the activity is originating to actually stop it, meaning that it happens way before it gets to your ISP in most cases. I just read a couple of good articles on it from Cisco's website.
The first one is a very long read just to warn you.
http://www.cisco.com/c/en/us/products/collateral/security/traffic-anomaly-detector-xt-5600a/prod_white_paper0900aecd8011e927.pdf
This one discusses even more prevention and mitigation methods.
http://www.cisco.com/c/en/us/support/docs/security-vpn/kerberos/13634-newsflash.html