Cisco ASA5510 - Configuring Connection Limits and Timeout for Preventing DDoS
Posted on 2014-02-20
My public facing DNS were being syn flooded this morning. I configured a service policy rule on my ASA5510, and set the "Maximum Per Client Connections" to 20. Its seems to be working, but I am still getting the following messages all the time coming from different outside addresses, targeting my two public facing DNS servers.
Feb 20 2014 08:17:25: %ASA-3-201013: Per-client connection limit exceeded 20/20 for output packet from 220.127.116.11/6573 to x.x.x.134/53 on interface dmz
Is there anything further I can do to help stop this? I am eventually going to get an SSM for the ASA, but I don't have one yet.