Best configuration to avoid ddos/dos outgoing attack



  • Hi

    I am having some challenges regarding a user who has a VPS and is flooding e.g. UDP packets. Actually it is a DoS/DDoS script.
    He made the firewall freeze… which affected all other users of course. I did not expect that, since the outgoing attack was only approx. 500-600 Mbit.

    I have a 1Gbit WAN connection. I can survive a 900 Mbit incoming attack, but I did not expect that an outgoing attack of 500 Mbit would bring everyone down.

    All servers are on a 1Gbit switch. I am not interested in limiting the port to 100 Mbit since many VPSs are on the same physical switch.

    Now to the question.. :-)

    How to protect against such type of misuse? What is the best setup? Should it be done from pfSense? Are we talking about Snort? Traffic shaper? Limiting UDP packets? Should I upgrade to a 10Gbit WAN and links between fw/switch and then limit to 1Gbit/port?

    My setup:

    WAN-----Firewall------>Switch------>ESXi----> VM

    Thanks in advance!



  • Bump  :)

    Any input is appreciated.



  • If anyone is really hammering your link, it can affect ACK and DNS requests in a big way.

    You could do it with the traffic shaper several different ways.  In general, create a traffic shaper and then put the IP address of the offending VPS in a low priority queue, or create a limiter and then set that IP address to use the limiter.
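The two steps behind this answer are finding which VPS is saturating the link and then attaching its address to a low-priority queue or limiter. The following added example (not from the thread, pfSense, or any of the posters) shows both with a small Python script: it aggregates constructed per-second flow summaries from the firewall's LAN-side interface, flags sources whose sustained outbound UDP rate exceeds a per-VPS cap, and prints the matching pf rules. The VPS subnet, the interface name `em0`, the queue name `qLow`, the limiter pipe number and the thresholds are all assumptions; the flow records are made up for the example.

```python
"""Find VPS sources flooding outbound UDP and emit pf rules that put them in a
low-priority ALTQ queue or a dummynet limiter. Added example with constructed
data; none of the names or numbers below come from the original thread."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed one-second flow summaries seen entering the firewall from the
# VPS side: (timestamp, src_ip, proto, packets, bytes). Not real data.
SAMPLE_FLOWS = [
    (1, "10.0.0.11", "udp", 60_000, 75_000_000),  # sustained ~600 Mbit/s UDP
    (1, "10.0.0.12", "tcp", 1_200, 1_500_000),
    (1, "10.0.0.13", "udp", 300, 200_000),         # normal DNS/NTP-sized traffic
    (2, "10.0.0.11", "udp", 58_000, 72_000_000),
    (2, "10.0.0.12", "udp", 150, 120_000),
    (2, "10.0.0.13", "tcp", 900, 1_100_000),
    (3, "10.0.0.11", "udp", 61_000, 76_000_000),
    (3, "10.0.0.14", "udp", 20_000, 25_000_000),   # one-second burst, averages out
]

VPS_NET = ip_network("10.0.0.0/24")  # assumed customer VPS subnet
UDP_MBIT_THRESHOLD = 100.0           # hypothetical sustained per-VPS UDP cap
UDP_PPS_THRESHOLD = 50_000           # hypothetical per-VPS packet-rate cap


def window_seconds(flows):
    """Length of the observation window covered by the flow records."""
    stamps = [ts for ts, *_ in flows]
    return (max(stamps) - min(stamps) + 1) if stamps else 1


def udp_rates(flows):
    """Average outbound UDP Mbit/s and packets/s per VPS source over the window.
    Averaging over the whole window means a short burst is not treated like
    a sustained flood."""
    window = window_seconds(flows)
    bits, pkts = defaultdict(int), defaultdict(int)
    for _ts, src, proto, packets, nbytes in flows:
        if proto != "udp" or ip_address(src) not in VPS_NET:
            continue  # only outbound UDP from the VPS subnet is of interest
        bits[src] += nbytes * 8
        pkts[src] += packets
    return {src: (bits[src] / window / 1e6, pkts[src] / window) for src in bits}


def find_offenders(flows, mbit_limit=UDP_MBIT_THRESHOLD, pps_limit=UDP_PPS_THRESHOLD):
    """(src, mbit_per_s, pps) for sources above either cap, worst first."""
    hits = [(src, mbit, pps) for src, (mbit, pps) in udp_rates(flows).items()
            if mbit > mbit_limit or pps > pps_limit]
    return sorted(hits, key=lambda h: h[1], reverse=True)


def pf_queue_rules(offenders, iface="em0", queue="qLow"):
    """FreeBSD pf ALTQ rules steering an offender's UDP into a low-priority
    queue. Assumes an ALTQ queue named `queue` already exists on `iface`
    (the pfSense shaper wizard creates such queues on WAN)."""
    return [f"pass out quick on {iface} proto udp from {src} to any queue {queue}"
            for src, _mbit, _pps in offenders]


def pf_limiter_rules(offenders, iface="em0", pipe=1, cap_mbit=50):
    """The limiter alternative: a dummynet pipe capping bandwidth, plus a pf
    rule binding the offender to it. `dnctl`/`dnpipe` is the FreeBSD pf
    dummynet integration pfSense limiters are built on; pipe number and cap
    are assumptions for the example."""
    rules = [f"dnctl pipe {pipe} config bw {cap_mbit}Mbit/s"]
    rules += [f"pass in quick on {iface} proto udp from {src} to any dnpipe {pipe}"
              for src, _mbit, _pps in offenders]
    return rules


if __name__ == "__main__":
    offenders = find_offenders(SAMPLE_FLOWS)
    for src, mbit, pps in offenders:
        print(f"{src}: {mbit:.1f} Mbit/s, {pps:.0f} pps outbound UDP")
    print("\n".join(pf_queue_rules(offenders)))
    print("\n".join(pf_limiter_rules(offenders)))
```

Only the VPS whose UDP rate stays high across the whole window is reported; the one-second 200 Mbit burst from the fourth host averages out to about 67 Mbit/s and stays under the cap, which is the behaviour you want before demoting a customer's traffic. The generated lines are meant to be compared against what the pfSense rule editor produces rather than pasted blind.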



  • @KOM:

    If anyone is really hammering your link, it can affect ACK and DNS requests in a big way.

    You could do it with the traffic shaper several different ways.  In general, create a traffic shaper and then put the IP address of the offending VPS in a low priority queue, or create a limiter and then set that IP address to use the limiter.

    Thanks a lot! I will try this solution and report back.  ;)

    I am open for other inputs as well.

