Threat ID 40033 is recorded in the threat logs when the Palo Alto Networks firewall sees 500 DNS ANY queries in 60 seconds from the same source/destination.
Details
Threat ID 40033 indicates that a DNS ANY Queries Brute Force DOS Attack has been detected. While an ANY request by itself may be normal traffic, it is possible for an attacker to perform a denial-of-service attack against a network using many ANY requests from spoofed sources.
40033 is the brute-force (parent) signature for child signature 34842, which detects a single DNS ANY query. Performing an action for the child signature is not advisable. The brute-force parent signature requires 500 DNS ANY queries within 60 seconds with the same source/destination to trigger, indicating a likely DoS attack. As with most other DoS signatures, it is by default a medium-severity alerting signature. If a user wants to mitigate the DoS threat, the preferred action for brute-force signatures is block-ip, which stops the attack from continuing by blocking further requests from that client for a period of time.
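The parent/child relationship described above can be reproduced offline to see which traffic patterns reach the 500-in-60-seconds threshold. The following is an added example, not Palo Alto Networks code; the function names, the event tuple layout, the sliding-window counting and the reset after a trigger are assumptions made for illustration, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

THRESHOLD = 500       # ANY queries needed to trigger (from the article)
WINDOW_SECONDS = 60   # counting interval in seconds (from the article)

def find_brute_force_triggers(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return (timestamp, src, dst) each time the parent condition is met.

    events: (timestamp_seconds, src, dst, qtype) tuples sorted by time.
    Assumptions: a sliding window, and the counter resets after a trigger
    so one burst is reported once rather than on every later query.
    """
    recent = defaultdict(deque)  # (src, dst) -> timestamps of ANY queries
    triggers = []
    for ts, src, dst, qtype in events:
        if qtype != "ANY":       # child condition: only DNS ANY queries count
            continue
        hits = recent[(src, dst)]
        hits.append(ts)
        while hits and ts - hits[0] >= window:  # drop hits older than the window
            hits.popleft()
        if len(hits) >= threshold:
            triggers.append((ts, src, dst))
            hits.clear()
    return triggers

def constructed_sample():
    """Constructed traffic; addresses are RFC 5737 documentation ranges."""
    resolver = "198.51.100.53"
    events = []
    # A: 600 ANY queries in 30 s to one server, exceeds 500 in 60 s.
    events += [(i * 0.05, "192.0.2.10", resolver, "ANY") for i in range(600)]
    # B: 600 ANY queries at 1 per second, never more than 60 per window.
    events += [(float(i), "192.0.2.20", resolver, "ANY") for i in range(600)]
    # C: 600 A queries in 30 s, high rate but not the ANY query type.
    events += [(i * 0.05, "192.0.2.30", resolver, "A") for i in range(600)]
    # D: 300 ANY queries to each of two servers; pairs are counted separately.
    for dst in (resolver, "198.51.100.54"):
        events += [(i * 0.1, "192.0.2.40", dst, "ANY") for i in range(300)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    for ts, src, dst in find_brute_force_triggers(constructed_sample()):
        print(f"t={ts:.2f}s parent condition met: {src} -> {dst}")
```

Only client A meets the parent condition. Client D sends 600 ANY queries in total but stays under the threshold for each source/destination pair, which is the reason the count is kept per pair.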