View Single Post
  #1   (View Single Post)  
Old 6th July 2008
chris chris is offline
Port Guard
 
Join Date: May 2008
Location: United Kingdom
Posts: 35
Default supress UDP ddos attack

Hi guys,
One of the IPs on my system is being subjected to occasional UDP floods (i can tell it's UDP by checking out the bandwidthd output for that IP). Whilst the rest of the network remains completely stable due to decent firewalls in use at the data-centre i can't help thinking that there's more i can be doing to limit the effect of these attacks via my software firewall (pf). I tried experimenting with the following rule;

Code:
pass inet proto udp from any to x.x.x.x \
        keep state \
        (max-src-conn 100, max-src-conn-rate 15/5, \
         overload <bruteforce> flush global)
I *think* it helped a little but not as much as i'd like. First of all is there really any point in implementing this sort of protection and if so how can i make best use of pf to stop these attacks crippling the IP in question?

Thanks,
Chris
Reply With Quote