Protocol

DNS DDos mitigation

Thu Dec 15, 2016 7:47 am

Hi,

One of my customers is experiencing a DDoS attack, specifically a DNS amplification, causing the customer's router to crash. I'm trying to block this on the edge device so the flood is stopped before it enters the network, and have configured the following, but it doesn't seem to be working, as DNS is still topping 100Mbit/s and I've tried to limit it to 10Mbit/s (see below config). I have Juniper experience, just not in firewall filters, so would appreciate some help on where I've gone wrong and if there are any better DNS DDoS mitigation techniques I can use?

firewall {
    family inet {
        filter protect-filter {
            term limit-DNS {
                from {
                    /* Customer's IP address */
                    destination-address {
                        xx.xx.xx.xx/32;
                    }
                    protocol [ udp tcp ];
                    source-port 53;
                }
                then {
                    policer 10m-bw-limit;
                    log;
                    accept;
                }
            }
            term accept-rest {
                then accept;
            }
        }
    }
    policer 10m-bw-limit {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 1m;
        }
        then discard;
    }
}
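
As an added example (not the poster's configuration), here is a complete Junos stanza set for the same approach: the policer and filter under `firewall`, plus the filter applied as an `input` filter on the interface where the flood enters, since a filter that is not applied to an interface does nothing. Amplification replies are UDP, so the term matches `protocol udp` only, and it uses `count` instead of `log` so that `show firewall filter protect-filter` can confirm the term is actually matching. The interface `ge-0/0/0.0` and the customer address `192.0.2.10/32` are assumed placeholders.

```junos
/* Added example, not the poster's config: ge-0/0/0.0 is assumed to be the
   upstream-facing edge interface and 192.0.2.10 the customer's address. */
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    /* Without this, the filter is defined but never evaluated. */
                    input protect-filter;
                }
            }
        }
    }
}
firewall {
    policer 10m-bw-limit {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 1m;
        }
        then discard;
    }
    family inet {
        filter protect-filter {
            term limit-DNS {
                from {
                    /* Placeholder for the customer's /32. */
                    destination-address {
                        192.0.2.10/32;
                    }
                    /* Amplified DNS replies are UDP from source port 53. */
                    protocol udp;
                    source-port 53;
                }
                then {
                    policer 10m-bw-limit;
                    /* Counter visible in "show firewall filter protect-filter". */
                    count dns-policed;
                    accept;
                }
            }
            term accept-rest {
                then accept;
            }
        }
    }
}
```

A policer on the edge router protects the customer's router, but the flood still consumes the edge's own upstream link; if that link saturates, the filtering has to move upstream of it.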
