Thread: DDOS and pf
View Single Post
Old 31st December 2010
drummondislebsd drummondislebsd is offline
New User
 
Join Date: Nov 2010
Posts: 3
Default What to do?

Quote:
Originally Posted by J65nko View Post
Even if you block the packets, they still arrive on your interface and block your internet pipe.

Talk to your webhosting company, give them the offending IP addresses and/or logs. They can do something against it.
You mention the hosting company can do something about it...

Are you referring to the establishment of a pf/bridge with max/src/conn further "up the line" that prevents the offenders/packets from ever reaching the server's domains?

Logically, this only moves the "clog" in the pipe up the line, unless I'm missing something. If the offender is persistent, block/drop of their packets is great, but it could be a constant event... like a wikileaks 20G DDOS event, right?
Reply With Quote