fcbinfo

Well-Known Member
Dec 10, 2006
111
3
168
cPanel Access Level
Root Administrator
Can I block any to myserverip UDP 53?

Getting some flood on this, and when i block it on the hardware firewall the flood stop.

Server still working. Can i stay with this blocked?

Thanks!
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Hello :)

Yes, UDP traffic over port 53 must be allowed. Have you tried finding the source of the flood to block it, instead of blocking all traffic to the port?

Thank you.
 

fcbinfo

Well-Known Member
Dec 10, 2006
111
3
168
cPanel Access Level
Root Administrator
Hi. Sorry for late reply.

It's have too much IPs from Asia.
I have blocked Asia: APNIC - Resource ranges allocated by APNIC
Now, I'm still getting flood.
But the server has Dual E-2620 - 128Gb of ram, 16x SSD Raid-10 and 10Gbps of connection.
Easy to this server =)

I have added this too:

iptables -A myownrule -p udp --dport 53 -m state --state NEW -m recent --set
iptables -A myownrule -p udp --dport 53 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP

This rule is attached to forward.

What you think about this rule? Only 3 connections for the same IP in 2 minutes.
 

fcbinfo

Well-Known Member
Dec 10, 2006
111
3
168
cPanel Access Level
Root Administrator
Just not more than the server can stay up without problems.

Some think about 200 connections per second on udp 53, and 50 per second on 25

=/
 
Thread starter Similar threads Forum Replies Date
4 Security 6
A Security 1
G Security 1
keat63 Security 1
Hedloff Security 2