Hello
Dears, I'm using FreeBSD with the Unbound DNS service to resolve DNS queries. In the case of DNS amplification attacks (mostly using the 'ANY' record type), I cannot find any solution on FreeBSD to drop the packets which carry queries of type 'ANY'.
But in Linux with iptables you can drop the required packets with hex string matching on the payload.
Is there anyone who can help me find a solution for BSD firewalls? Otherwise I need to switch to Linux.
Here is the rule for iptables:
Code:
# record every inbound UDP/53 packet that carries 00 FF 00 01 (QTYPE ANY, QCLASS IN) from byte offset 50 onward
-A INPUT -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|00FF0001|' -m recent --set --name dnsanyquery2
# reject such a packet once the same source has sent 3 of them within 10 seconds
-A INPUT -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|00FF0001|' -m recent --name dnsanyquery2 --rcheck --seconds 10 --hitcount 3 -j REJECT
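An added example (editor's code, not part of the original post): a Python reconstruction of what the two iptables rules above actually match and enforce. It builds constructed DNS queries, parses the question section to check QTYPE and QCLASS properly (0x00FF is ANY and 0x0001 is IN, which is what `|00FF0001|` encodes), shows that a raw byte-pattern search can also match inside the question name itself (a false positive that a parsing check avoids), and mirrors the "three hits from one source within ten seconds" policy of the `-m recent` rules. Every packet byte, address and timestamp below is constructed for the example.

```python
"""Added example (not from the original post): parse a DNS query the way a
firewall rule would need to, and reproduce the 'three ANY queries in ten
seconds per source' policy of the posted iptables rules in plain Python."""
import struct
from collections import defaultdict, deque

QTYPE_ANY = 255                     # 0x00FF: first two bytes of the posted hex pattern
QCLASS_IN = 1                       # 0x0001: last two bytes of the posted hex pattern
HEX_PATTERN = b"\x00\xff\x00\x01"   # what '|00FF0001|' expands to on the wire


def build_query(name, qtype, qclass=QCLASS_IN, txid=0x1234):
    """Constructed sample input: a minimal DNS query with one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)


def parse_question(payload):
    """Return (qname, qtype, qclass) of the first question in a DNS query,
    or None if the message is a response, truncated or otherwise malformed."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount < 1:   # QR=1 is a response; nothing to rate-limit
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(payload):  # pointer or cut-off name
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels) + ".", qtype, qclass


def is_any_query(payload):
    """True only when the parsed QTYPE/QCLASS of the question is ANY/IN."""
    q = parse_question(payload)
    return q is not None and q[1] == QTYPE_ANY and q[2] == QCLASS_IN


def naive_hex_match(payload):
    """What a byte-offset string match does: search for 00 FF 00 01 anywhere
    after the 12-byte DNS header without parsing the name first."""
    return HEX_PATTERN in payload[12:]


class AnyQueryLimiter:
    """Mirror of '-m recent --set' followed by '--rcheck --seconds N --hitcount M':
    keep per-source timestamps of ANY queries, reject on the M-th within N seconds."""

    def __init__(self, seconds=10, hitcount=3):
        self.seconds, self.hitcount = seconds, hitcount
        self.hits = defaultdict(deque)

    def should_reject(self, src, now):
        window = self.hits[src]
        window.append(now)                              # '--set': record this hit
        while window and now - window[0] > self.seconds:
            window.popleft()                            # expire hits older than N seconds
        return len(window) >= self.hitcount             # '--rcheck --hitcount M'


def decide(limiter, src, payload, now):
    """ACCEPT or REJECT one inbound UDP/53 packet under the posted policy."""
    if is_any_query(payload) and limiter.should_reject(src, now):
        return "REJECT"
    return "ACCEPT"


# Constructed sample: an ordinary A query whose first label happens to contain
# the bytes 00 FF 00 01. A substring match flags it; a parser does not.
FALSE_POSITIVE = (struct.pack("!HHHHHH", 0x4242, 0x0100, 1, 0, 0, 0)
                  + b"\x04\x00\xff\x00\x01\x07example\x03com\x00"
                  + struct.pack("!HH", 1, QCLASS_IN))

if __name__ == "__main__":
    limiter = AnyQueryLimiter()
    any_q = build_query("example.com", QTYPE_ANY)
    print(parse_question(any_q), is_any_query(any_q), naive_hex_match(any_q))
    print(parse_question(FALSE_POSITIVE)[1:], is_any_query(FALSE_POSITIVE),
          naive_hex_match(FALSE_POSITIVE))
    for t in (0.0, 1.0, 2.0):
        print(t, decide(limiter, "192.0.2.1", any_q, t))
```

Two practitioner notes on the rules themselves: a fixed-offset byte match cannot know where the question name ends, so it can fire on bytes inside the name (the `FALSE_POSITIVE` sample above) and cannot tell a query from a response unless the rule also restricts direction, which is why the parsing check reads the QR flag and walks the labels before looking at QTYPE. Also, since the resolver here is Unbound, recent Unbound releases have a `deny-any: yes` setting in unbound.conf that answers ANY queries with an empty response at the application layer, which removes the amplification payoff without any payload matching in the firewall.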