Question about detecting DDOS (outgoing)
I run a small colo operation out of a couple datacenter racks; I am currently using pfsense as my firewall that all traffic passes through. Lately we have been getting bandwidth overage bills from the DC because of outgoing DDOS attacks… i.e. sending over 100mbit for 5-10 minute periods. Is there any way to firewall this or at least detect it so that I can receive some type of notification and manually block it?