Hi,
I tried asking this question another way and don't think I made it
clear what or why it was needed.
I am an ISP and I have been seeing a customer IP address being targeted
for a DDoS which appears to be an dns amplification attack. I checked
the ip's of the servers sending packets and they all appear to be
legitimate recusive resolvers that unfortunately don't limit queries to
their own customer networks. On my side, I would like to impose a rule
for this single customer that no dns traffic - other than from my own
resolvers - is forwarded between this customer and the network. The
customer is terminated with PPPoE on a 7201 and they have radius profile
entry that includes 'Filter-Id' which contains a basic home user filter
to deny crap traffic such as rfc1918 and such. I would like to be able
to add an additional filter on top of this which includes deny all port
53 except to/from my servers. I don't want to cut/paste and create a new
access list for this customer, I just want to be able to add some
additional rules on top of the default filter set. Surely there has to
be a way to do this?
Mike-
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
