dns amplification attack

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

dns amplification attack

L4 Transporter

Hi,

 

What are the best practices need to be followed  to  protect from the ddos  dns amplification attack . 

How to  filter the  trace  from the  log  if there is any attack happened ? 

Thanks

2 accepted solutions

Accepted Solutions

L6 Presenter

Zone protection profile on outside/internet interface will protect your servers from traffic originating from internet.

Zone protection profile on interface where your DNS servers are will prevent your servers sending a lot of traffic towards internet (or some other zone) if they get compromised somehow. 

View solution in original post

4 REPLIES 4

L6 Presenter

Zone protection on outside/external/internet interface to protect your servers. And zone protection on the interface where your DNS servers are to prevent your servers being used as amplifiers. 

L6 Presenter

Here's a Tech Note which covers threat & DoD Protection.  Check it out:  https://live.paloaltonetworks.com/t5/Documentation-Articles/Threat-Prevention-Deployment-Tech-Note/t...

 

Hi,

"And zone protection on the interface where your DNS servers are to prevent your servers being used as amplifiers. "

Can you explain how to do that .

Thank you 

Zone protection profile on outside/internet interface will protect your servers from traffic originating from internet.

Zone protection profile on interface where your DNS servers are will prevent your servers sending a lot of traffic towards internet (or some other zone) if they get compromised somehow. 

  • 2 accepted solutions
  • 4257 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!