Netgate Discussion Forum
    DOS protection using Bitninja? Will it work?

    General pfSense Questions
    • B
      B_T33
      last edited by

      Hi all,

      Thought I would post this just to see if anyone else has opinions or has alternatives.

      I am trying to host an internal web server behind pfSense using 1:1 NAT to a CentOS box running Apache; the firewall ports have been opened (80 + 443). However, when I get a friend to stress test the connection with a DoS attack, pfSense gives up and I am not able to connect to it, the web box, or the network on any other LAN. FYI the web server is on a VLAN.

      I am thinking maybe Bitninja may be able to help me prevent this. Any other suggestions would be greatly appreciated.

      Further info:

      I have a 500mbps download and 50mbps upload. Cat 6 to the servers. Modem taking in coax fibre and converting to a Cat 6 connection. Internal net speed is 1gbps (950mbps).

      Thanks,

      Ben

      • kiokomanK
        kiokoman LAYER 8
        last edited by

        idk about Bitninja, I've never heard of it, but I saw people here using Cloudflare

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        • B
          B_T33 @kiokoman
          last edited by

          @kiokoman — Can you elaborate please? Ideally I want to have protection here as I will have multiple domains. So unfortunately setting up CloudFlare for every domain just isn’t worth it.

          Thanks.

          • kiokomanK
            kiokoman LAYER 8
            last edited by kiokoman

            You just add all the domain records to the Cloudflare GUI and change the nameservers at your provider to Cloudflare's

            Replace with Cloudflare's nameservers:
            Nameserver 1
            aragorn.ns.cloudflare.com
            Nameserver 2
            nina.ns.cloudflare.com
            Registrars typically process nameserver updates within 24 hours. Once this process completes, Cloudflare confirms your site activation via email.

            https://support.cloudflare.com/hc/en-us/articles/360000841472
            https://support.cloudflare.com/hc/en-us/articles/205195708-Step-3-Change-your-domain-name-servers-to-Cloudflare
            https://www.cloudflare.com/rate-limiting/

            they will basically proxy the traffic to your real web server; your real IP is hidden behind Cloudflare

            • B
              B_T33 @kiokoman
              last edited by

              @kiokoman - thanks for that. I just want some protection on the firewall itself ideally. That’s why I am wondering if anyone has any ideas.

              Thanks though. ;)

              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                You are unable to connect between internal interfaces when testing?

                What hardware are you using? Do you see the CPU pegging at 100%?

                What sort of test are you using? Is the firewall blocking that traffic?

                There's nothing you can do at the firewall if the WAN is just full, but you should still be able to send traffic between internal subnets.

                Steve

                  • B
                    BitNinja.io
                    last edited by

                    Dear Ben

                    BitNinja has a highly configurable DoS detection module where you can set the maximum number of simultaneous connections per IP address in general, or you can set the threshold for remote or local connections based on port numbers.
                    We have information about over 15 million IP addresses, so most of the infected/malicious servers are blocked by default.
                    The upload and download speed is not an issue.

                    I am more than happy to answer any questions.

                    Best regards,
                    BitNinja.io

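Steve's questions above (is the firewall actually blocking the test traffic, and what sort of test is it?) and the per-IP simultaneous-connection threshold BitNinja describes both come down to the same check: how many inbound states each remote address is holding against the NAT'd web server. The following added example (not code from any poster, pfSense, or BitNinja) parses state-table lines in the shape that `pfctl -ss` prints on a pf firewall such as pfSense, counts inbound states per source address, and flags sources over a threshold. The sample lines, the exact column layout, and the `SYN_SENT` marker used to spot half-open states are constructed assumptions; adjust `STATE_RE` if your box prints the table differently.

```python
import re
from collections import Counter

# Constructed sample in the shape of `pfctl -ss` output on a pf firewall such as pfSense.
# For 1:1 NAT'd states the public address appears in parentheses after the internal one.
# Addresses and ports below are made up; the column layout is an assumption.
SAMPLE_STATES = """\
all tcp 10.10.20.5:443 (203.0.113.10:443) <- 198.51.100.7:51234       ESTABLISHED:ESTABLISHED
all tcp 10.10.20.5:443 (203.0.113.10:443) <- 198.51.100.7:51235       ESTABLISHED:ESTABLISHED
all tcp 10.10.20.5:443 (203.0.113.10:443) <- 198.51.100.7:51236       SYN_SENT:CLOSED
all tcp 10.10.20.5:80 (203.0.113.10:80) <- 198.51.100.7:51300       ESTABLISHED:ESTABLISHED
all tcp 10.10.20.5:443 (203.0.113.10:443) <- 192.0.2.44:40001       ESTABLISHED:ESTABLISHED
all tcp 10.10.10.22:53122 -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
all udp 10.10.10.22:5353 -> 224.0.0.251:5353       MULTIPLE:MULTIPLE
"""

# iface proto left [(nat)] dir right state
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)"
    r"(?:\s+\((?P<nat>\S+)\))?\s+(?P<dir><-|->|<->)\s+(?P<right>\S+)\s+(?P<state>\S+)\s*$"
)


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4) or 'addr[port]' (pf's IPv6 notation) into (addr, port)."""
    if endpoint.endswith("]") and "[" in endpoint:
        addr, port = endpoint[:-1].rsplit("[", 1)
    else:
        addr, port = endpoint.rsplit(":", 1)
    return addr, int(port)


def parse_state(line):
    """Return a dict for one state line, or None for lines that do not match."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None
    left_addr, left_port = split_endpoint(m["left"])
    right_addr, right_port = split_endpoint(m["right"])
    return {
        "iface": m["iface"], "proto": m["proto"], "dir": m["dir"], "state": m["state"],
        "left": (left_addr, left_port), "right": (right_addr, right_port),
    }


def inbound_per_source(text, local_port=None, half_open_only=False):
    """Count inbound ('<-') states per remote source address.

    local_port restricts the count to one service port on the internal host (the left
    endpoint). half_open_only keeps only states still showing SYN_SENT, i.e. connections
    whose handshake never completed, which is what a SYN flood leaves behind.
    """
    counts = Counter()
    for line in text.splitlines():
        st = parse_state(line)
        if st is None or st["dir"] != "<-":
            continue
        if local_port is not None and st["left"][1] != local_port:
            continue
        if half_open_only and "SYN_SENT" not in st["state"]:
            continue
        counts[st["right"][0]] += 1
    return counts


def sources_over_threshold(counts, threshold):
    """Sources holding more simultaneous states than threshold, busiest first."""
    return sorted(
        ((ip, n) for ip, n in counts.items() if n > threshold),
        key=lambda item: item[1], reverse=True,
    )


if __name__ == "__main__":
    per_src = inbound_per_source(SAMPLE_STATES)
    for ip, n in sources_over_threshold(per_src, threshold=2):
        print(f"{ip} holds {n} inbound states against the web server")
```

Run against a live table with `pfctl -ss | python3 this_script.py`-style piping by replacing `SAMPLE_STATES` with `sys.stdin.read()`. If the states are there and concentrated on a few sources, the firewall is passing the traffic and a per-IP limit (pfSense's own per-rule state limits, or a host-side tool like the one BitNinja describes) has something to act on; if the table is nearly empty while the link is unusable, the WAN is simply saturated, which is Steve's point that nothing at the firewall or the target server helps.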
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      BitNinja appears to be a host-based security solution, so it can only have limited effect against the attack discussed. Though I have only looked briefly.

                      If the attack is filling the WAN entirely or using all the available CPU cycles at the firewall nothing at the target server is going to help much.

                      Steve

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.