Re: RFC 8482 implementation - minimizing Query Type ANY
New Member
Posts: 5

Advanced DNS Protection allows you to block or rate limit use of the ANY query in multiple ways.

 

  1. By default, rule 130400100 under DNS Amplification and Reflection will rate limit at 5 reflection/amplification queries per second.  Type ANY queries will trigger this rate limit.  This rule can be tuned more aggressively if needed.
  2. Rule 130502800 under DNS Message types can be used to block Type ANY queries.
  3. Type ANY queries can be blocked and rate limited by FQDN or overall using custom ADP rules as well.

 

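An added illustration, not part of the original reply and not Infoblox's ADP rule logic: the Python below parses a DNS query, recognises QTYPE ANY (255), and applies a per-source limit of 5 ANY queries per second plus a per-FQDN block, mirroring the three options in the reply. The class name, the one-second sliding window, and the sample names and addresses are assumptions.

```python
import struct
from collections import defaultdict, deque

QTYPE_ANY = 255  # QTYPE value for ANY ("*"), the subject of RFC 8482

def build_query(qname, qtype, txid=0x1234):
    """Build a minimal DNS query message (used for constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii")
                    for p in qname.rstrip(".").split(".") if p)
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (qname, qtype) for the first question; ValueError if malformed."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    return ".".join(labels) + ".", struct.unpack("!H", msg[pos:pos + 2])[0]

class AnyQueryLimiter:
    """Per-source sliding-window limit on ANY queries, plus an FQDN blocklist."""
    def __init__(self, limit=5, window=1.0, blocked_fqdns=()):
        self.limit, self.window = limit, window
        self.blocked = {f.lower().rstrip(".") + "." for f in blocked_fqdns}
        self.seen = defaultdict(deque)  # source IP -> timestamps of passed ANY queries

    def decide(self, src_ip, msg, now):
        qname, qtype = parse_question(msg)
        if qtype != QTYPE_ANY:
            return "pass"          # other query types are out of scope here
        if qname in self.blocked:
            return "drop"          # ANY for a blocked name is always dropped
        q = self.seen[src_ip]
        while q and now - q[0] >= self.window:
            q.popleft()            # forget queries older than the window
        if len(q) >= self.limit:
            return "drop"
        q.append(now)
        return "pass"
```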