My public-facing DNS servers were being SYN flooded this morning. I configured a service policy rule on my ASA5510, and set the "Maximum Per Client Connections" to 20. It seems to be working, but I am still getting the following messages all the time coming from different outside addresses, targeting my two public-facing DNS servers.
Feb 20 2014 08:17:25: %ASA-3-201013: Per-client connection limit exceeded 20/20 for output packet from 188.8.131.52/6573 to x.x.x.134/53 on interface dmz
Is there anything further I can do to help stop this? I am eventually going to get an SSM for the ASA, but I don't have one yet.
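
An added example, not part of the original post: a small Python tally of `%ASA-3-201013` messages that shows whether the limit hits come from a few repeat sources or are spread across many addresses, and which DNS server takes most of them. The sample log lines are constructed using documentation address ranges, and the function names and the threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches the %ASA-3-201013 message layout quoted in the post.
PATTERN = re.compile(
    r"%ASA-3-201013: Per-client connection limit exceeded "
    r"(?P<cur>\d+)/(?P<limit>\d+) for (?P<dir>input|output) packet "
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) on interface (?P<ifc>\S+)"
)

# Constructed sample syslog lines (not real traffic); the last one is a
# different message ID and must be ignored by the parser.
SAMPLE = """\
Feb 20 2014 08:17:25: %ASA-3-201013: Per-client connection limit exceeded 20/20 for output packet from 198.51.100.7/6573 to 203.0.113.134/53 on interface dmz
Feb 20 2014 08:17:25: %ASA-3-201013: Per-client connection limit exceeded 20/20 for output packet from 198.51.100.7/6574 to 203.0.113.135/53 on interface dmz
Feb 20 2014 08:17:26: %ASA-3-201013: Per-client connection limit exceeded 20/20 for output packet from 198.51.100.7/6575 to 203.0.113.134/53 on interface dmz
Feb 20 2014 08:17:26: %ASA-3-201013: Per-client connection limit exceeded 20/20 for output packet from 198.51.100.99/4410 to 203.0.113.134/53 on interface dmz
Feb 20 2014 08:17:27: %ASA-6-302013: Built inbound TCP connection 1 for outside:198.51.100.5/1025 to dmz:203.0.113.134/53
"""


def summarize(lines):
    """Count limit-exceeded events per source IP and per (dst IP, dst port)."""
    by_src, by_dst = Counter(), Counter()
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue  # other ASA message IDs are out of scope here
        by_src[m["src"]] += 1
        by_dst[(m["dst"], int(m["dport"]))] += 1
    return by_src, by_dst


def repeat_offenders(by_src, threshold):
    """Sources that hit the per-client limit at least `threshold` times."""
    return sorted(ip for ip, n in by_src.items() if n >= threshold)


if __name__ == "__main__":
    src, dst = summarize(SAMPLE.splitlines())
    print("events per source:", src.most_common())
    print("events per target:", dst.most_common())
    print("repeat sources (>=3):", repeat_offenders(src, 3))
```

Many sources with one or two events each and few repeats suggest spoofed or widely distributed senders, where per-source blocking helps little; a short list of repeat sources is a better fit for an ACL or shun.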