View Single Post
  #5   (View Single Post)  
Old 22nd December 2016
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,287
Default

With the information we have here, it is not certain what is occurring.

If there is network abuse, or an "attack" occurring, then:
  • If there is abuse occurring from individual addresses, then PF alone can block the abuse. Example: one IP address creating high numbers of parallel connections. Stateful tracking can kill states and block the IP addresses.
  • If the abuse is widely distributed, such that only the traffic in aggregate causes the problem, then PF can be used to mitigate the abuse, but may not be able to eliminate it. Example: small number of connections from individual IPs, but a large number of IP addresses making connections in parallel. Stateful tracking can limit the number of connections permitted to pass to the webserver.
Reply With Quote