The Community Forums

Interact with an entire community of cPanel & WHM users!

Udp 53 in

Discussion in 'Security' started by fcbinfo, Oct 18, 2013.

  1. fcbinfo

    fcbinfo Well-Known Member

    Joined:
    Dec 10, 2006
    Messages:
    120
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Can I block any to myserverip UDP 53?

    Getting some flood on this, and when I block it on the hardware firewall the flood stops.

    Server still working. Can I stay with this blocked?

    Thanks!
     
  2. fcbinfo

    fcbinfo Well-Known Member

    Well... can't.

    Now it stopped working. =/
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, UDP traffic over port 53 must be allowed. Have you tried finding the source of the flood to block it, instead of blocking all traffic to the port?

    Thank you.
     
  4. fcbinfo

    fcbinfo Well-Known Member

    Hi. Sorry for late reply.

    There are too many IPs from Asia.
    I have blocked Asia: APNIC - Resource ranges allocated by APNIC
    Now, I'm still getting flood.
    But the server has Dual E-2620 - 128Gb of RAM, 16x SSD RAID-10 and 10Gbps of connection.
    Easy for this server =)

    I have added this too:

    iptables -A myownrule -p udp --dport 53 -m state --state NEW -m recent --set
    iptables -A myownrule -p udp --dport 53 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP

    This rule is attached to forward.

    What do you think about this rule? Only 3 connections for the same IP in 2 minutes.
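
The two `recent` rules posted above, modelled as an added example (not part of the original post or of anyone's configuration in this thread): a simplified Python simulation of how `--set` followed by `--update --seconds 120 --hitcount 3` treats different kinds of sources. Assumptions: every query arrives as conntrack state NEW (fresh source port per query), xt_recent keeps its default of 20 timestamps per source, and the addresses and traffic patterns are constructed documentation values.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 120, 3  # values from the rule posted above
PKT_LIST_TOT = 20           # assumed xt_recent default (ip_pkt_list_tot)

def simulate(packets):
    """packets: (time_s, src_ip) tuples sorted by time.
    Returns a list of (time_s, src_ip, verdict)."""
    stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))
    results = []
    for t, src in packets:
        # Rule 1: --set records a timestamp for the source and has no
        # target, so the packet continues to the next rule.
        stamps[src].append(t)
        # Rule 2: --update matches when at least HITCOUNT timestamps
        # (including the one just set) lie within the last SECONDS.
        hits = sum(1 for s in stamps[src] if t - s <= SECONDS)
        if hits >= HITCOUNT:
            stamps[src].append(t)  # a matching --update refreshes the entry
            results.append((t, src, "DROP"))
        else:
            results.append((t, src, "PASS"))
    return results

def summarise(results):
    """Count PASS/DROP verdicts per source address."""
    counts = defaultdict(lambda: {"PASS": 0, "DROP": 0})
    for _, src, verdict in results:
        counts[src][verdict] += 1
    return dict(counts)

def sample_traffic():
    """Constructed traffic, not captured data."""
    # A recursive resolver serving many users: one query every 30 s.
    resolver = [(float(t), "192.0.2.10") for t in range(0, 600, 30)]
    # One flooding source at 200 queries per second for one second.
    flood = [(100 + i / 200, "198.51.100.7") for i in range(200)]
    # An occasional client: two lookups five minutes apart.
    client = [(0.0, "203.0.113.5"), (300.0, "203.0.113.5")]
    return sorted(resolver + flood + client)

if __name__ == "__main__":
    for src, counts in summarise(simulate(sample_traffic())).items():
        print(src, counts)
```

In this model the third NEW packet inside the window is already dropped, and because dropped packets still refresh the entry, a resolver that keeps querying every 30 seconds stays blocked for as long as it keeps querying.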
     
  5. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Because "flood" can mean almost anything, how much is it in this case?
     
  6. fcbinfo

    fcbinfo Well-Known Member

    Just not more than the server can stay up without problems.

    Something about 200 connections per second on UDP 53, and 50 per second on 25

    =/
     
  7. simonas

    simonas Well-Known Member

    Joined:
    Apr 21, 2013
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    cPanel Access Level:
    Root Administrator
    I would recommend installing CSF firewall, which has BIND flood security. I set it to minimal value on every server.
    Does the job so far.
     
  8. fcbinfo

    fcbinfo Well-Known Member

    It's installed.

    I'm using this iptables behind this server.
     