nguyviet
New Contributor

DDOS

Dear Admin,

How do I block an inbound DDoS DNS amplification attack with Fortinet 60F version 6.2.4?

Thank you
JustGibb
New Contributor II

Hi,

The capability is limited; I recommend using the FortiDDoS appliance, which has much greater DDoS mitigation.

KR

Justin
ATAIDIAL

OK, thanks, have a great day.
ATAIDIAL
New Contributor

That will be great, but can you give more information and a link reference?
nguyviet

Thank you for the reply,

I have blocked the DDoS via Splunk with an active response command that blocks the source IP address.
Jonathan_Rennie_FTNT

This is an older version, but it still applies to v6.2:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Policies/IPv4%20DoS%20Policy.htm
That will be me then!!
nguyviet

Dear Jonathan,
Thank you for the reply.

I have tested the DoS policy, but it was not effective with DNS TXT records. I think using Splunk monitoring with an active response command based on TXT records is the best solution for a small company.

I think the best solution for a large company is to use Akamai cloud DDoS protection.
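
The log-driven approach described in the post above (watch DNS TXT responses, then hand offending source IPs to a block action), sketched as an added example that is not code from any poster in this thread. The log format, field names, window and hit threshold are assumptions, and the sample lines are constructed with documentation-range addresses.

```python
from collections import defaultdict

# Constructed sample DNS log (not from the thread). Assumed fields:
# epoch direction src_ip src_port dst_ip dst_port txid qtype bytes
SAMPLE_LOG = """\
100 out 203.0.113.10 40001 198.51.100.53 53 1a2b TXT 60
100 in 198.51.100.53 53 203.0.113.10 40001 1a2b TXT 480
101 in 192.0.2.7 53 203.0.113.10 33333 9f00 TXT 3900
101 in 192.0.2.7 53 203.0.113.10 33333 9f01 TXT 3900
102 in 192.0.2.7 53 203.0.113.10 33333 9f02 TXT 3900
102 in 192.0.2.8 53 203.0.113.10 33333 7c10 TXT 3900
103 in 192.0.2.8 53 203.0.113.10 33333 7c11 A 120
130 in 192.0.2.8 53 203.0.113.10 33333 7c12 TXT 3900
"""

def parse(line):
    ts, direction, src, sport, dst, dport, txid, qtype, size = line.split()
    return {"ts": int(ts), "dir": direction, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "txid": txid, "qtype": qtype, "bytes": int(size)}

def block_candidates(log_text, min_hits=3, window=10, qtypes=("TXT",)):
    """Return {source_ip: total_unsolicited_bytes} for sources that sent at least
    min_hits unsolicited responses of the watched types within `window` seconds."""
    pending = set()           # (client, server, txid) for queries we sent out
    hits = defaultdict(list)  # source_ip -> [(ts, bytes), ...] unsolicited responses
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        if r["dir"] == "out" and r["dport"] == 53:
            pending.add((r["src"], r["dst"], r["txid"]))
        elif r["dir"] == "in" and r["sport"] == 53:
            key = (r["dst"], r["src"], r["txid"])
            if key in pending:            # answer to our own query: legitimate
                pending.discard(key)
            elif r["qtype"] in qtypes:    # response nobody asked for
                hits[r["src"]].append((r["ts"], r["bytes"]))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_win = [b for t, b in events[i:] if t - start < window]
            if len(in_win) >= min_hits:   # burst found: candidate for the block action
                flagged[src] = sum(b for _, b in events)
                break
    return flagged
```

Matching responses against outstanding queries keeps legitimate resolver answers out of the block list, which a filter on record type alone would not do.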
Jonathan_Rennie_FTNT

Hi Nguyen,
Did you try this by adjusting the defaults on udp_dst_session, as the defaults might be too big and let the attack pass?
That will be me then!!