Depending on the attack, most (if not all) software firewalls are going to be utterly useless in regards to not filtering out legitimate DNS traffic. (Basically, everything will probably end up getting filtered just creating a whole mess...)
Attacks due to misconfiguration in named.conf work in the following manner,Attacker sends several thousand spoofed requests toa DNS server that allows recursion. The DNS server processes these requests as valid and then returns the DNS replies to the spoofed recipient . When the number of requests is in the thousands, the attacker could potentially generate a multi-gigabit flood of DNS replies.
Last edited by Lsupport; 05-29-2008 at 12:45 AM.
LiquidSupport - A subsidiary of I-Fort Technologies (Pvt.) Ltd Server Administration | Technical Support | Web Development