Solved

DNS rebinding attack

Posted on 2014-02-14
5
730 Views
1 Endorsement
Last Modified: 2014-02-15
I am getting a lot of alerts in the Sonic Wall 205 with 'DNS rebinding attack' logs.  It appears to be inbound from the Comcast dns servers.  

The dns setting is to set to log attack only and I tried changing it to log and drop but after several days, it caused dns to not resolve at all.  I changed it.  I think this is causing a performance issue with our internet circuit.  We have a 100MB circuit but the speedtest.net shows only 27MB at times.

I also tried switching it to a openDNS (208.67.222.222) and that didn't seem to help.

Just wondering how I can go about resolving this.
1
Comment
Question by:LateNaite
  • 3
  • 2
5 Comments
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39860507
Drop all inbound port 53 requests on the outside interface. This will at least relieve the firewall from having to process the packet and thus might improve performance. No way to prevent the traffic from coming to you but if there is no service responding, they might go away because it is a waste of time to keep hitting your link.
0
 

Author Comment

by:LateNaite
ID: 39860600
Would the source port be udp 53 or destination be udp 53?
0
 

Author Comment

by:LateNaite
ID: 39860603
What about dns replies to users issuing a dns query?  Would those traffic be blocked too?
0
 
LVL 11

Accepted Solution

by:
Technodweeb earned 500 total points
ID: 39861311
Replies to a request originating from your router/firewall should not be blocked. Your router/firewall configuration may require tweaking to avoid this problem but generally it should not block them. The only thing that should be blocked is traffic not originating from your LAN on port 53.

The DST port is 53. The source port will most always be random...
0
 

Author Comment

by:LateNaite
ID: 39862276
Main performance issue was related to ISP.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now