DDOS and pf
Hi,
I'm facing a DDoS on one of my servers that hosts a few websites. If I implement synproxy in PF, could this solve the problem and decrease the DDoS? Like, I want to put OpenBSD or FreeBSD with two network interfaces and do NATing from the OpenBSD or FreeBSD box to the server that hosts my websites. Regards,
You can use pf's overload feature; see pf.conf(5) and the PF User's Guide for documentation and examples.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. |
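As an added illustration (not part of the thread, and not from the OpenBSD project), here is what the overload feature looks like in a minimal OpenBSD pf.conf for the two-interface NAT box the original poster described: inbound HTTP/HTTPS on the public side is redirected to the web server, synproxy state makes pf complete the client's TCP handshake before it opens a connection to the backend, and the source-tracking options push any source that exceeds the limits into a table that is blocked outright. The interface names, the backend address 10.0.0.10, the table name and every threshold are assumptions; tune them for the real site.

```conf
# Added example: OpenBSD pf.conf for a two-interface NAT box in front of a
# web server. Interface names, the backend address and all limits are
# assumptions, not values from the thread.
ext_if = "em0"          # public side, where the flood arrives
int_if = "em1"          # private side, towards the web server
web    = "10.0.0.10"    # the CentOS box behind $int_if (assumed address)

# Sources that trip the limits below land here; "persist" keeps the table
# even while no rule references it, so pfctl -t can manage it directly.
table <attackers> persist

set skip on lo

# Anything already flagged is dropped before any other rule is evaluated.
block in quick on $ext_if from <attackers>

# Default deny, logged to pflog0 so tcpdump -n -e -ttt -i pflog0 shows drops.
block log all

# Public address -> backend. On OpenBSD the pass rules below see the
# translated (backend) address, so they filter on $web, not on $ext_if.
match in on $ext_if inet proto tcp to ($ext_if) port { 80 443 } rdr-to $web

# Return traffic from the private backend needs a public source address.
match out on $ext_if inet from $web nat-to ($ext_if)

# synproxy state: pf answers the client's SYN itself and only connects to
# $web once the client has finished the handshake, so a SYN flood from
# spoofed sources never creates state on the backend. The source-tracking
# options then rate-limit addresses that really complete connections:
#   max-src-conn 100       at most 100 simultaneous connections per source
#   max-src-conn-rate 30/10 at most 30 new connections per 10 s per source
#   overload <attackers> flush global
#                          offender goes into the table and all of its
#                          existing states, from any rule, are killed
pass in on $ext_if inet proto tcp to $web port { 80 443 } \
    synproxy state (max-src-conn 100, max-src-conn-rate 30/10, \
                    overload <attackers> flush global)

# Let the proxied connections continue out the inside interface.
pass out on $int_if inet proto tcp to $web port { 80 443 } keep state

# Outbound traffic from the firewall itself and from the web server.
pass out on $ext_if inet keep state
pass in  on $int_if inet from $web keep state
```

Load it with `pfctl -f /etc/pf.conf` after putting `net.inet.ip.forwarding=1` in /etc/sysctl.conf so the box actually routes between the two interfaces. `pfctl -t attackers -T show` lists who has been caught, and a cron job running `pfctl -t attackers -T expire 3600` ages entries out after an hour so a shared NAT address is not blocked forever. Two caveats: synproxy and overload keep junk state off the backend, but every flood packet still has to reach $ext_if before pf can drop it, so the bandwidth cost of the attack is unchanged; and max-src-conn limits apply per source address, so a flood spread across many real hosts needs lower thresholds (or upstream help) than a handful of loud ones.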
Because I already have a configured server that hosts my website, would OpenBSD or FreeBSD solve the problem of DDoS? Please, I want your recommendation if you have ever experienced the problem before.
It's Linux CentOS. I want to get my websites up and running, so if pf could offer this I'd use it.
If you have WHM, the ConfigServer firewall is good. It blocks bad IPs from brute force, port scans and the like, but I'm not sure about DDoS. I would give that a try if you aren't using it now.
For this task, I would recommend OpenBSD. It is secure, very stable, fairly easy, and uses a KISS "it just works" approach.
FreeBSD will also work fine. Personal preferences and opinions on this subject may vary though; coming from Linux I'm sure you're familiar with the "My foo is better than your bar" type of discussions.
The OpenBSD FAQ is an extremely valuable resource for people new to the system: http://openbsd.org/faq/index.html
As is the PF User's Guide: http://openbsd.org/faq/pf/index.html
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. |
Even if you block the packets, they still arrive on your interface and block your internet pipe.
Talk to your webhosting company, give them the offending IP addresses and/or logs. They can do something against it.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
What to do?
Are you referring to the establishment of a pf/bridge with max-src-conn further "up the line" that prevents the offenders/packets from ever reaching the server's domains? Logically, this only moves the "clog" in the pipe up the line, unless I'm missing something. If the offender is persistent, block/drop of their packets is great, but it could be a constant event... like a wikileaks 20G DDOS event, right?
Exactly as J65nko said: blocking packets simply means the kernel will ignore them and not process them further, but they are still on the wire and can potentially impact performance.
You must contact your hosting provider or ISP on a case-by-case basis; it's no easy job.
Yes, I understand this, but the hosting company couldn't do anything.
They said that they didn't have enough experience in that field.