suppress UDP ddos attack
Posted by chris, 6th July 2008

Hi guys,
One of the IPs on my system is being subjected to occasional UDP floods (I can tell it's UDP by checking out the bandwidthd output for that IP). Whilst the rest of the network remains completely stable due to decent firewalls in use at the data-centre, I can't help thinking that there's more I can be doing to limit the effect of these attacks via my software firewall (pf). I tried experimenting with the following rule:

pass inet proto udp from any to x.x.x.x \
        keep state \
        (max-src-conn 100, max-src-conn-rate 15/5, \
         overload <bruteforce> flush global)
I *think* it helped a little but not as much as I'd like. First of all, is there really any point in implementing this sort of protection, and if so, how can I make best use of pf to stop these attacks crippling the IP in question?
