Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DOS - Internet Connection Lost

    Scheduled Pinned Locked Moved Firewalling
    14 Posts 4 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      " overload and there is many block udp filter at the same time"

      What do you consider many???  A DOS would be 1000''s in the same second..  Not a handful…

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        @johnpoz:

        What do you consider many???  A DOS would be 1000''s in the same second..  Not a handful…

        True, I'm assuming thousands per second or more.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          Its always the same thing… oh my gawd I am getting DDOS'd when there is like 3 unknown things in their log in the last minute...

          He posted 3 items... If it was like 3000 then maybe there might be something to the problem...  300 maybe lets look at it..

          Oh my gawd this guy is attacking me...  What should I do??

          Hey have a internet issue, they see something in the log and the sky is falling this guy is attacking me.. When most likely with udp to 80 its just some p2p noise because his public IP use to be in a swarm..  I don't even log udp traffic to my wan, because its NOISE...  There is quite a bit of it..

          under_attack.png
          under_attack.png_thumb

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • H
            Harvy66
            last edited by

            I disabled default logging because

            1. Signal to noise was crap because there's contantly scanning botnets
            2. when doing a DOS attack test, logging was eating up a ton of CPU, which makes perfect sense. Doing a filesystem IO operation every time a packet comes in is going to hose my CPU

            How many packets per second are being talked about? How large are they? The linked image is like 3 packets in a minute.

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              dude I was making a joke.. No shit that image is not an attack…

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • B
                bartounet
                last edited by

                Hello
                You are very moquing johnpoz
                If i take time to post it is because i have search before

                I am victim to ddos since friday
                I have logs if you are interested…
                I speek about 500 to 1000 udp packets per second with a lot of different ip
                It is a ddos

                I have opened ticket to my isp

                You think i can limit load ?

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  "1000 udp packets per second"

                  How about you post that in your OP next time…

                  You can not stop DDOS with a firewall.. it has to be upstream.. If they are filling up your pipe they are filling up your pipe, what your firewall does at the end of that pipe is completely moot.. If you want to lower the cpu pfsense does by logging the packets.. sure turn off logging..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • B
                    bartounet
                    last edited by

                    A little example

                    http://pastebin.com/vhxDyP3p

                    1 Reply Last reply Reply Quote 0
                    • C
                      cmb
                      last edited by

                      If you block and don't log that traffic, you'll reduce the load on your firewall. But that won't actually help anything because it doesn't prevent your bandwidth from being fully consumed, which is why your connection is unusable.

                      1 Reply Last reply Reply Quote 0
                      • H
                        Harvy66
                        last edited by

                        If your driveway is full, turning off your doorbell won't stop the issue of not being able to use your driveway, but it will make it quieter in your house. If PFSense is responding fine, then your issue is your connection is flooded. The only way to protect against a volumetric attack is to have enough bandwidth.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.