Best configuration to avoid outgoing DDoS/DoS attacks
-
Hi
I am having some challenges regarding a user who has a VPS and is flooding e.g. UDP packets. Actually it is a DoS/DDoS script.
He made the firewall freeze, which affected all other users of course. That was not expected by me, since the outgoing attack was only approx. 500-600 Mbit. I have a 1 Gbit WAN connection. I can survive a 900 Mbit incoming attack, but I did not expect that an outgoing attack of 500 Mbit would let everyone down.
All servers are on a 1 Gbit switch. I am not interested in limiting the port to 100 Mbit, since many VPS are on the same physical switch.
Now to the question.. :-)
How to protect against such type of misuse? What is the best setup? Should it be done from pfSense? Are we talking about Snort? Traffic shaper? Limiting UDP packets? Should I upgrade to a 10 Gbit WAN and links between fw/switch and then limit to 1 Gbit/port?
My setup:
WAN-----Firewall------>Switch------>ESXi----> VM
Thanks in advance!
-
Bump :)
Any input is appreciated.
-
If anyone is really hammering your link, it can affect ACK and DNS requests in a big way.
You could do it with the traffic shaper several different ways. In general, create a traffic shaper and then put the IP address of the offending VPS in a low priority queue, or create a limiter and then set that IP address to use the limiter.
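The first suggestion above (put the offending VPS in a low-priority queue) written out in pf.conf ALTQ syntax, as an added example that is neither from this thread nor the rules pfSense generates; the interface name em0, the VPS address 192.0.2.10 and the bandwidth figures are assumptions:

```pf
# Added example (not from the thread): hand-written pf.conf ALTQ rules that do
# what the pfSense traffic shaper does when an offending VPS is placed in a
# low-priority queue. Interface name, addresses and bandwidths are assumptions.
wan_if   = "em0"
offender = "192.0.2.10"      # constructed: the VPS running the UDP flood script

# Shape outbound traffic on the WAN side; keep headroom under the 1 Gbit link.
altq on $wan_if hfsc bandwidth 950Mb queue { q_ack, q_default, q_low }

# Small guaranteed slice for TCP ACKs and DNS so they keep flowing during a flood.
queue q_ack     bandwidth 10% hfsc(realtime 10%)
queue q_default bandwidth 85% hfsc(default)
# Hard cap for the offender: upperlimit is enforced even when the link is idle.
queue q_low     bandwidth 5%  hfsc(upperlimit 50Mb)

# Match the offender's outbound traffic first; "quick" stops further evaluation.
pass out quick on $wan_if from $offender queue q_low
# Everything else: bulk TCP in q_default, payload-less ACKs in q_ack, DNS in q_ack.
pass out on $wan_if proto tcp from any to any queue (q_default, q_ack)
pass out on $wan_if proto udp from any to any port 53 queue q_ack
pass out on $wan_if queue q_default
```

pf applies NAT before the filter rules on the outbound interface, so matching `from $offender` on WAN only works when the VPS address is routed through the firewall untranslated; behind outbound NAT, assign the queue in a rule on the inbound (LAN-side) interface instead, since a queue assigned on input is used on output.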
-
@KOM:
If anyone is really hammering your link, it can affect ACK and DNS requests in a big way.
You could do it with the traffic shaper several different ways. In general, create a traffic shaper and then put the IP address of the offending VPS in a low priority queue, or create a limiter and then set that IP address to use the limiter.
Thanks a lot! I will try this solution and report back. ;)
I am open to other input as well.