I see .... No, not really.
Anyway, if you don't want to affect traffic, why not just change the recommended-action to none?
------------------------------
Nikolay Semov
------------------------------
Original Message:
Sent: 10-21-2025 21:32
From: eugene1973
Subject: DNS, custom-attack, minimal action
If I were to put in other types of attacks, it would look specifically for that attack that is listed. Also, the list can be added to. Manually or through licensing. I need to check that answer but im assuming. So I want the code there, but it must not disrupt DNS. Which it does if that certain type of attack is affecting us. But myself firstly. So the problem to solve is the route that is pesky. But in my case im not solving a specific DNS attack but rather helping routing.
------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
Original Message:
Sent: 10-21-2025 21:19
From: Nikolay Semov
Subject: DNS, custom-attack, minimal action
What do you mean by "it needs a problem to solve"?
------------------------------
Nikolay Semov
Original Message:
Sent: 10-21-2025 20:46
From: eugene1973
Subject: DNS, custom-attack, minimal action
Has anyone found a more generic way to do this? I want the code in my box, but it needs to basically just run without affecting dns. I've found that this targets specific attacks but makes performance problematic because it needs a problem to solve. It's running as i have described, but can it be improved?
active-policy No-IPZero;
custom-attack DNS {
recommended-action drop;
severity critical;
attack-type {
anomaly {
service DNS;
test TRANSPOOFF;
direction any;
}
}
}
}
------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
------------------------------