Netgate Discussion Forum

    Is it possible to stop 2 GBPS UDP flood attack ?

    Firewalling
    6 Posts 4 Posters 3.4k Views
      CrK01

      Hi,

      I represent a game server company and we are getting DDoSed every day.

      Normally they throw up to 700-800 Mbps at us. Our Catalyst 2960G shows packet loss (we have a 1 Gbps uplink and the switch has 48 ports at 1000 Mbps).

      Sometimes we get 2,3 Gbps (UDP flood attack, always).

      I was thinking of putting a firewall between our ISP router (plenty capable) and our Catalyst, but I saw that some commercial hardware anti-DDoS systems aren't cheap (http://www.fortinet.com/products/fortiddos/index.html).

      So, before anything, do you think that pfSense suits this scenario? (Of course I can get a bigger pipe beforehand, but I think this won't be much of a problem, for example 4 Gbps.)

      My question is, will my state table be full in seconds? (for example at 900K packets per second)

      The idea is to put this on one of our dedicated servers (quad core + 4 or 8 GB RAM for example and a 10 GB NIC).

      Any info would be much appreciated.

      Regards,

        cmb

        Any firewall is the wrong answer to mitigating large scale DDoS. It's why the firewall vendors sell DDoS mitigation appliances and not firewalls for such circumstances. You'll blow up the state table, and/or hit the maximum new connections per second that any firewall can handle, very quickly in such circumstances.

          Supermule

          http://cert.societegenerale.com/resources/files/IRM-4-DDoS.pdf

            Supermule

            This is one of the reasons you want L7 inspection in the FW itself.

            It will help you with DDoS at the application level.

              cmb

              @Supermule:

              This is one of the reasons you want L7 inspection in the FW itself.

              It will help you with DDoS at the application level.

              No, it'll just melt down your firewall much, much faster because of the higher overhead of greater inspection.

                marcelloc

                Limiting connections/second on WAN rules to force DDoS IPs to get included on deny lists could be a cheap workaround? ???

                Elite Training: http://sys-squad.com

                Help a community developer! ;D

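What marcelloc's suggestion looks like in the pf.conf syntax that pfSense generates from its WAN rules, as an added example that is not from this thread or from the pfSense project; the interface name, server address and port are placeholder assumptions. The per-source state cap (max-src-states) is the one per-source control that applies to UDP; the new-connections-per-second limit and its overload table only count completed TCP handshakes, and whichever rule matches, pf still has to evaluate every packet of the flood, which is cmb's point.

```pf
# Added example: pf.conf fragment in the form pfSense generates from its GUI rules.
# Assumed placeholder values: WAN interface em0, game server 203.0.113.10, UDP/27015.
wan_if   = "em0"
game_srv = "203.0.113.10"

# Ceiling for the state table; pfSense sets this from
# System > Advanced > Firewall & NAT > "Firewall Maximum States".
# A flood of ~900K packets/s from spoofed sources fills any value in seconds.
set limit states 500000

# Sources that trip the TCP limits below are added here and blocked on entry.
# pfSense exposes the same thing per rule under Advanced Options
# ("Maximum new connections / per second(s)" with the overload table).
table <flooders> persist
block in quick on $wan_if from <flooders> to any

# UDP game traffic: only the per-source cap on concurrent states applies,
# because pf has no handshake to tell a "new connection" from any other datagram.
pass in on $wan_if proto udp from any to $game_srv port 27015 \
    keep state (max-src-states 20, source-track rule)

# TCP (e.g. an admin or web port): rate-limit new connections per source.
# max-src-conn / max-src-conn-rate count completed 3-way handshakes only,
# so they never trigger on a UDP flood; the overload table is TCP-fed.
pass in on $wan_if proto tcp from any to $game_srv port 27015 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/10, overload <flooders> flush global)
```

Even with these limits, a 2 Gbps UDP flood on a 1 Gbps uplink is dropped upstream of the firewall or saturates its NIC before any rule is consulted, so this only contains the state-table growth, not the packet loss the thread describes.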
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.