What is the biggest attack in GBPS you stopped
-
Send a message through the system, but can't see a sent message… did you get it ?
-
Just a short notice on the matter.
Even after the 2.2.2 upgrade the GUI itself stille becomes useless during a SYN flood.
http://youtu.be/Jji4lW8gW1c
It even records packet loss to the LAN side and response times gets 10 times longer. Traffic graphs doesnt update at all and the worst part is the amount of traffic coming in.
15mbps…. States running around 150K out of 8MM. No real load on the server itself, but pf is dead. If the attack gets a little bigger (around 40mbps) then it goes offline completely and doesnt handle traffic at all.
-
Testing again this time stateless.
http://youtu.be/CGDo9pAQDlo
It completely downs pfSense and render the GUI useless/unresponsive.
-
Have you tested FreeBSD and/or OpenBSD?
-
FreeBSD yes, OpenBSD no.
-
but pf is dead. … goes offline completely and doesnt handle traffic at all. ... It completely downs pfSense and render the GUI useless/unresponsive.
-
no good news on the horizon then :(
-
Do you have a fix for this? Any ideas Doktor??
-
No, I have no fix for your top secret instant DoS. You know what? Either do a proper full disclosure or go away. Tired of reading this useless "PM me and I'll DoS you" crap for months.
-
Do you actually think that by going public with a script that can down any pfsense installation with a bandwith usage of 40mbps would be a wise idea??
What the hell is wrong with you?
-
With me? This "PM to get DoS-ed" BS is not how you get things fixed… Either work with those concerned (that includes FreeBSD upstream), or just publish it. Seriously noone is interested in crappy Youtube videos of unresponsive GUI.
-
But we want to test things and actually have something to point out before we introduce the world.
We want to see if others are affected and sees the same as we do.
Then we did write to ESF and told them there was a huge problem.
Not much has come back…
We upgrade and harden the damn thing to get a clue of whats actually going on when it hits and WHY 15mbps downs the thing!
I would love to open a redmine ticket for this, but I havent got a clue of which direction to point people in...!
So cut the crap and help if you can. Otherwise STFU.
-
Who the hell is "we"? I for sure don't want to see any Youtube "tests". Reminds me of the endless crappy antivirus "reviews" done on Youtube in a VM. If all you wrote to someone was "Hey, there's a huge problem, PM me and I'll DoS you", there's no surprise not much came back. You need to provide a testcase to reproduce the thing. Not this nonsense.
-
Lowprofile is also in this test scenario.
He has the email conversation with ESF.
-
If responsable disclosure has been done and no suitable answer is given sometimes full disclosure is the way to go.
In any way the bad guys are probably allready aware of the details so it will not hurt so much and help the community to find solutions if there is one, and if not, then be aware seems better than beleiving we are safe.
Of course this is my way of seeing things. Not using pfsense on professional things i use it only for now on personal adsl lines . Also if this is a FreeBSD issue and not a pfsense only thing trying to reach the bds guys could be the solution.
-
Its in the OS. Hardware can easily handle it if you got some muscle.
I can take this site offline using a specific type of traffic that takes no more than 70-80Mbps bandwith.
When that traffic hits pfSense, its dead. Goes offline instantly. No matter how powerful the hardware is.
I run 8 Core, 16GB ram and SSD. Dead in a second if it hits.
Exploiting the multithreading capabilities perhaps?
-
Perhaps :)
-
@ghislain26:
hi,
i am hit by ddos (upd flood mostly) and looking for solutions, hopefully opensource ones. I wanted to know what was the biggest multi gigabits attack you successfully stopped with your pfsense setup in the field ( so not with nullrouting at ISP level) and what the hardware used was.
My actuel issue is on the 5 to 10 gbps DDOS udp flood attacks so i search to see if a 20gbps filtering firewall could work in the real world of April 2015 and help me mitigate 1-16gbps attacks. My problem is to filter myself not ask upstrream to help so i really speak of how i can filter this and if anyone here had setup playing at this level of gbps.
regards,
Ghislain.Some DDOS attacks can be nullified by simply changing the ip address(es) at the dns level.
Where a DNS lookup is taking place, you need to identify the rogue who is doing the dns lookup and send them off to 23.37.28.215 or 195.99.147.120 if you have a sense of humour which contrary to popular belief also includes these guys 77.87.229.22. ;D -
I can tell you this much….
Windows firewall doesnt get affected by any of these attacks. If you put the server out front and only have WF running and forwarding traffic to the server then it can handle it easily.
It seems to only affect UNIX/Linux/BSD distros.
But MS are no longer supporting ISA server or its later rebranded versions last time I looked, but there might still be a way of exploiting the windows core in similar circumstances.
-
Could be. And yes its not supported any more.
But we were testing…..