DOS - Internet Connection Lost
-
" overload and there is many block udp filter at the same time"
What do you consider many??? A DOS would be 1000''s in the same second.. Not a handful…
-
What do you consider many??? A DOS would be 1000''s in the same second.. Not a handful…
True, I'm assuming thousands per second or more.
-
Its always the same thing… oh my gawd I am getting DDOS'd when there is like 3 unknown things in their log in the last minute...
He posted 3 items... If it was like 3000 then maybe there might be something to the problem... 300 maybe lets look at it..
Oh my gawd this guy is attacking me... What should I do??
Hey have a internet issue, they see something in the log and the sky is falling this guy is attacking me.. When most likely with udp to 80 its just some p2p noise because his public IP use to be in a swarm.. I don't even log udp traffic to my wan, because its NOISE... There is quite a bit of it..
-
I disabled default logging because
- Signal to noise was crap because there's contantly scanning botnets
- when doing a DOS attack test, logging was eating up a ton of CPU, which makes perfect sense. Doing a filesystem IO operation every time a packet comes in is going to hose my CPU
How many packets per second are being talked about? How large are they?
The linked image is like 3 packets in a minute. -
dude I was making a joke.. No shit that image is not an attack…
-
Hello
You are very moquing johnpoz
If i take time to post it is because i have search beforeI am victim to ddos since friday
I have logs if you are interested…
I speek about 500 to 1000 udp packets per second with a lot of different ip
It is a ddosI have opened ticket to my isp
You think i can limit load ?
-
"1000 udp packets per second"
How about you post that in your OP next time…
You can not stop DDOS with a firewall.. it has to be upstream.. If they are filling up your pipe they are filling up your pipe, what your firewall does at the end of that pipe is completely moot.. If you want to lower the cpu pfsense does by logging the packets.. sure turn off logging..
-
A little example
-
If you block and don't log that traffic, you'll reduce the load on your firewall. But that won't actually help anything because it doesn't prevent your bandwidth from being fully consumed, which is why your connection is unusable.
-
If your driveway is full, turning off your doorbell won't stop the issue of not being able to use your driveway, but it will make it quieter in your house. If PFSense is responding fine, then your issue is your connection is flooded. The only way to protect against a volumetric attack is to have enough bandwidth.