<div>
Drop all inbound port 53 requests on the outside interface. This will at least relieve the firewall from having to process the packet and thus might improve performance. No way to prevent the traffic from coming to you but if there is no service responding, they might go away because it is a waste of time to keep hitting your link.
</div>


Drop all inbound port 53 requests on the outside interface. This will at least relieve the firewall from having to process the packet and thus might improve performance. No way to prevent the traffic from coming to you but if there is no service responding, they might go away because it is a waste of time to keep hitting your link.

<div>
Would the source port be udp 53 or destination be udp 53?
</div>


Would the source port be udp 53 or destination be udp 53?

<div>
What about dns replies to users issuing a dns query? &nbsp;Would those traffic be blocked too?
</div>


What about dns replies to users issuing a dns query?  Would those traffic be blocked too?

<div>
Main performance issue was related to ISP.
</div>


Main performance issue was related to ISP.

<div>
<div class="content wysiwyg-content">
I am getting a lot of alerts in the Sonic Wall 205 with 'DNS rebinding attack' logs. &nbsp;It appears to be inbound from the Comcast dns servers. &nbsp;<br />
<br />
The dns setting is to set to log attack only and I tried changing it to log and drop but after several days, it caused dns to not resolve at all. &nbsp;I changed it. &nbsp;I think this is causing a performance issue with our internet circuit. &nbsp;We have a 100MB circuit but the speedtest.net shows only 27MB at times.<br />
<br />
I also tried switching it to a openDNS (208.67.222.222) and that didn't seem to help.<br />
<br />
Just wondering how I can go about resolving this.
</div>
</div>


I am getting a lot of alerts in the Sonic Wall 205 with 'DNS rebinding attack' logs.  It appears to be inbound from the Comcast dns servers.  

The dns setting is to set to log attack only and I tried changing it to log and drop but after several days, it caused dns to not resolve at all.  I changed it.  I think this is causing a performance issue with our internet circuit.  We have a 100MB circuit but the speedtest.net shows only 27MB at times.

I also tried switching it to a openDNS (208.67.222.222) and that didn't seem to help.

Just wondering how I can go about resolving this.

DNS rebinding attack

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.