KEMBAR78
04.DNS Protection Advanced Profiles | PDF | Domain Name System | Denial Of Service Attack
Scribd
Upload
143 views3 pages

04.DNS Protection Advanced Profiles

This document describes how to configure DNS Protection advanced profiles in Radware DefensePro. It provides details on the parameters that can be configured for each profile, including expected traffic levels, status of protection for different DNS record types, quotas, thresholds for attack detection and termination, and actions to take during attacks. DNS Protection profiles are used to define normal traffic patterns and detect DNS floods and other attacks.

Uploaded by

Le Vinh Hien
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
143 views3 pages

04.DNS Protection Advanced Profiles

This document describes how to configure DNS Protection advanced profiles in Radware DefensePro. It provides details on the parameters that can be configured for each profile, including expected traffic levels, status of protection for different DNS record types, quotas, thresholds for attack detection and termination, and actions to take during attacks. DNS Protection profiles are used to define normal traffic patterns and detect DNS floods and other attacks.

Uploaded by

Le Vinh Hien
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

DNS Protection Advanced Profiles https://webhelp.radware.com/dp/v6.09/DNS_prot_Adv_Profiles.

htm

Show
Home > DefensePro > Denial of Service > DNS Protection > Advanced > DNS Protection Advanced Profiles

DNS Protection Advanced Profiles


Use the DNS Protection Advanced Profiles pane to configure DNS-Flood Protection profiles with advanced parameters.
DefensePro uses the bandwidth and quota values to derive a baseline for normal inbound and outbound traffic.
DNS Protection profiles can be used only in one-way policies.
It is recommended to configure policies that include DNS Protection profiles using Networks with source = Any, the public network, and
destination = Protected Network.
Note: Radware recommends that you initially leave the quota fields (for example, DNS A quota) so that the default values will automatically be
used. To view default values after creating the profile, click the entry in the table. You can then adjust quota values based on your network
performance.
The total quota values may exceed 100%, as each value represents the maximum volume per protocol.

To configure a DNS Protection profile with advanced parameters


1. Select DefensePro > Denial of Service > DNS Protection > Advanced > Profiles Configuration.
2. Do one of the following:
To add an entry, click Create.
To edit an entry, click the entry link in the table.
3. Configure the parameters, and click Set.

Parameter Description

Profile Name The user-defined name for the profile.

Expected QPS The expected rate, in queries per second, of DNS queries.

DNS A Flood status Specifies whether this profile protects against DNS A Flood attacks.
Values: inactive, active
Default: inactive

DNS A quota The maximum expected percentage of DNS A traffic out of the total DNS traffic.

DNS MX Flood status Specifies whether this profile protects against DNS MX Flood attacks.
Values: inactive, active
Default: inactive

DNS MX quota The maximum expected percentage of DNS MX traffic out of the total DNS traffic.

DNS PTR Flood status Specifies whether this profile protects against DNS PTR Flood attacks.
Values: inactive, active
Default: inactive

DNS PTR quota The maximum expected percentage of DNS PTR traffic out of the total DNS traffic.

DNS AAAA Flood status Specifies whether this profile protects against DNS AAAA Flood attacks.
Values: inactive, active
Default: inactive

DNS AAAA quota The maximum expected percentage of DNS AAAA traffic out of the total DNS traffic.

DNS TEXT Flood status Specifies whether this profile protects against DNS TEXT Flood attacks.
Values: inactive, active
Default: inactive

DNS TEXT quota The maximum expected percentage of DNS TEXT traffic out of the total DNS traffic.

DNS SOA Flood status Specifies whether this profile protects against DNS SQA Flood attacks.
Values: inactive, active
Default: inactive

DNS SOA quota The maximum expected percentage of DNS SQA traffic out of the total DNS traffic.

DNS NAPTR Flood status Specifies whether this profile protects against DNS NAPTER Flood attacks.
Values: inactive, active
Default: inactive

1 of 3 10/6/2022, 11:16 AM
DNS Protection Advanced Profiles https://webhelp.radware.com/dp/v6.09/DNS_prot_Adv_Profiles.htm

DNS NAPTR quota The maximum expected percentage of DNS NAPTER traffic out of the total DNS traffic.

DNS SRV Flood status Specifies whether this profile protects against DNS SRV Flood attacks.
Values: inactive, active
Default: inactive

DNS SRV quota The maximum expected percentage of DNS SRV traffic out of the total DNS traffic.

DNS OTHER Flood status Specifies whether this profile protects against DNS OTHER Flood attacks.
Values: inactive, active
Default: inactive

DNS OTHER quota The maximum expected percentage of other DNS traffic (that is, not A, MX, AAAA, TEXT, SOA,
NAPTR, or SRV) out of the total DNS traffic.

Max Allowed QPS The maximum allowed rate of DNS queries per second.
Values: 0–4,000,000
Default: 0
Note: When Manual Triggers Status is enable, the Manual Triggers Max QPS Target value
overrides this value.

Signature Rate limit Target The percentage of the DNS traffic that matches the real-time signature that the profile will not
mitigate above the baseline.
Values: 0–100
Default: 0

Packet Report Status Specifies whether the device sends sampled attack packets to APSolute Vision for off-line
analysis.
Default: disable

Packet Trace Status Specifies whether the DefensePro device sends attack packets to the specified physical port.
Default: disable

Action The action that the profile takes on DNS traffic during an attack.
Values: Block and Report, Report Only
Default: Block and Report

Manual Triggers Status Specifies whether the profile uses user-defined DNS QPS thresholds instead of the learned
baselines.
Default: disable

Manual Triggers Activation Threshold The minimum number of queries per second—after the specified Activation Period—on a single
connection that causes the device to consider there to be an attack. When the device detects an
attack, it issues an appropriate alert and drops the DNS packets that exceed the threshold.
Packets that do not exceed the threshold bypass the DefensePro device.
Values: 0–4,000,000
Default: 0

Manual Triggers Termination Threshold The maximum number of queries per second—after the specified Termination Period—on a single
connection that cause the device to consider the attack to have ended.
Values: 0–4,000,000
Default: 0
Note: The Termination Threshold must be less than or equal to the Activation Threshold.

Manual Triggers Max QPS Target The maximum allowed rate of DNS queries per second.
Values: 0–4,000,000
Default: 0

Manual Triggers Activation Period The number of consecutive seconds that the DNS traffic on a single connection exceeds the
Activation Threshold that causes the device to consider there to be an attack.
Values: 0–30
Default: 3

Manual Triggers Termination Period The time, in seconds, that the DNS traffic on a single connection is continuously below the
Termination Threshold, which causes the device to consider the attack to have ended.
Values: 0–30
Default: 3

Manual Triggers Escalation Period The time, in seconds, that the device waits before escalating to the next specified Mitigation
Action.
Values: 0–30

2 of 3 10/6/2022, 11:16 AM
DNS Protection Advanced Profiles https://webhelp.radware.com/dp/v6.09/DNS_prot_Adv_Profiles.htm

Default: 3

3 of 3 10/6/2022, 11:16 AM

You might also like