UDP 53 in
Can I block any to myserverip UDP 53?
Getting some flood on this, and when I block it on the hardware firewall the flood stops.
Server still working. Can I stay with this blocked?
Thanks!
Well... can't. Now it stopped working. =/
Hello :) Yes, UDP traffic over port 53 must be allowed. Have you tried finding the source of the flood to block it, instead of blocking all traffic to the port? Thank you.
Hi. Sorry for the late reply. It has too many IPs from Asia. I have blocked Asia: [url=http://www.apnic.net/publications/research-and-insights/ip-address-trends/apnic-resource-range]APNIC - Resource ranges allocated by APNIC[/url]
Now, I'm still getting flood. But the server has Dual E-2620 - 128Gb of RAM, 16x SSD RAID-10 and 10Gbps of connection. Easy for this server =)
I have added this too:
iptables -A myownrule -p udp --dport 53 -m state --state NEW -m recent --set
iptables -A myownrule -p udp --dport 53 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP
This rule is attached to forward. What do you think about this rule? Only 3 connections for the same IP in 2 minutes.
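A small simulation of the two `recent` rules posted above, added here as an example (it is not code from the thread). It assumes every query reaches the rules as a NEW flow, uses the xt_recent default of 20 stored timestamps per source, and replays constructed traffic from documentation addresses to show which packets each kind of client gets through.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default ip_pkt_list_tot: timestamps kept per source


class RecentList:
    """Simplified model of one xt_recent list as used by the two rules above."""

    def __init__(self, seconds=120, hitcount=3):
        self.seconds, self.hitcount = seconds, hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def packet(self, src, now):
        """Return 'DROP' or 'PASS' for a NEW udp/53 packet from src at time now."""
        seen = self.stamps[src]
        seen.append(now)                      # rule 1: --set records the packet
        recent = [t for t in seen if now - t <= self.seconds]
        if len(recent) >= self.hitcount:      # rule 2: --update ... --hitcount
            seen.append(now)                  # a matching --update stamps again
            return "DROP"
        return "PASS"


def replay(events, **kw):
    """events: iterable of (time_seconds, src). Returns {src: [verdict, ...]}."""
    rl, out = RecentList(**kw), defaultdict(list)
    for now, src in sorted(events):
        out[src].append(rl.packet(src, now))
    return dict(out)


# Constructed traffic (documentation addresses, not taken from the thread):
# a quiet resolver, a shared resolver asking once every 30 s, and a flooder.
SAMPLE = (
    [(t, "192.0.2.10") for t in (0, 300, 600)]
    + [(t, "198.51.100.53") for t in range(0, 600, 30)]
    + [(t / 10, "203.0.113.7") for t in range(0, 50)]
)

if __name__ == "__main__":
    for src, verdicts in replay(SAMPLE).items():
        print(src, verdicts.count("PASS"), "passed,", verdicts.count("DROP"), "dropped")
```

In this model the third packet inside the 120-second window is the first one dropped, and because dropped packets are still recorded, the resolver that keeps asking every 30 seconds stays blocked until it has been quiet long enough.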
[quote="fcbinfo, post: 1487482"]Now, I'm still getting flood.[/quote]
Because "flood" can mean almost anything, how much is it in this case?
Just not more than the server can stay up without problems. Something about 200 connections per second on UDP 53, and 50 per second on 25 =/
I would recommend installing CSF firewall, which has BIND flood security. I set it to minimal value on every server. Does the job so far.
It's installed. I'm using this iptables behind this server.