Suppress UDP DDoS attack
Hi guys,
One of the IPs on my system is being subjected to occasional UDP floods (I can tell it's UDP by checking out the bandwidthd output for that IP). Whilst the rest of the network remains completely stable due to decent firewalls in use at the data-centre, I can't help thinking that there's more I can be doing to limit the effect of these attacks via my software firewall (pf). I tried experimenting with the following rule:

Code:
pass inet proto udp from any to x.x.x.x \
    keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <bruteforce> flush global)

Thanks,
Chris
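
Added example, not part of the original post: pf.conf(5) describes max-src-conn, max-src-conn-rate and overload as limits on TCP connections that have completed the three-way handshake, so a UDP rule can use the state-count options instead. All numeric limits below are constructed values to tune per service, and x.x.x.x is the placeholder address from the post.

```pf
# Constructed example; every number here is an assumption, not a recommendation.

# Expire idle UDP states sooner than the defaults so states created by a
# flood age out of the state table quickly.
set timeout { udp.first 20, udp.single 10, udp.multiple 30 }

# The posted rule relies on max-src-conn / max-src-conn-rate / overload.
# Those counters only track completed TCP handshakes, so they never fire
# for UDP and the <bruteforce> table stays empty.

# UDP variant using state-count limits:
#   max            - total states this rule may hold at once
#   max-src-nodes  - how many distinct source addresses are tracked
#   max-src-states - simultaneous states allowed per source address
# UDP source addresses can be spoofed, so per-source limits are a cap on
# state-table usage rather than a reliable way to identify the sender.
pass in inet proto udp from any to x.x.x.x keep state \
    (source-track rule, max 5000, max-src-nodes 1000, max-src-states 50)
```

Packets that exceed these limits are dropped without creating state; `pfctl -si` and `pfctl -sS` show whether the counters and source-tracking entries behave as expected.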