[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dDoS attacks
Michiel van Baak (email@example.com) wrote:
> I've been spending 3 days searching on google and reading docs/howto's
> about pf. But I didn't find any information about how to protect you
> server/network against dos and ddos attacks. Anyone who can enlighten
> me ?
> I'm pretty new to OpenBSD. Started using it when 2.9 came out and just
> preordered 3.2. I'm running a server/firewall on 3.0 for a while now.
Not so much as a direct reply but more as to share what happened when I
was ddossed a few month ago.
The thing that brought my pc to it's knees was pflog trying to log it
all. Once I found that out I disabled logging and Then I hardly had a
connection because my upload caused by the replies of my return-rst
firewall stuffed the upload. After that I disabled return-rst I got a
continous stream of 50kb/s and I barely noticed I was ddossed.
So my suggestion would be to put in triggers in pf that would go of at
certain levels that would indicate a ddos, after which logging and
return-rst is disabled. Perhaps pflog could go in another mode that
gathers much less detailed info.
Of course I don't know if this is a good idea. This is just my
Another side effect of the return-rst was that I got a warning from my
isp for scanning certain hosts. Of course the ips of the attackers were
spoofed and I got the blame for the return packets identified by the
other person as a scan.
Linux, the choice .~. I never said all Democrats were
of a GNU generation / V \ saloonkeepers; what I said was all
Kernel 2.4.19 /( . )\ saloonkeepers were Democrats.
on a i686 ^-^