IP identification when under attack
We are fairly new to using our infrastructure and after quite a few DDOS attack we have been moved to our own rack, however finding out IP's under attack has now become impossible other than logging into each machine and firing up wireshark.
Can pfsense provide a solution if we place it between our 2 x 1GB links on our switch and the data center, to provide us information of which IP is under attack so we can nullroute and to possibly filter smaller attacks?
Specification wise we have been thinking about a Quan Lan Supermicro board, E3-1230 and 8GB ram.
However would pfsense be able to run with our load on that box and provide us with the information we require when under attack?
Any help is much appreciated.