Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    DDOS / SYN using udp.pl and hping3 testing

    Firewalling
    1
    1
    1143
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      godtor last edited by

      Hello,

      so we have a pfsense box that we use for the BGP (we have 2 internet connections in BGP, each one with 200 Mbps bandwidth). Our upstream providers have some ddos / syn protections, they block hping3 and they filter ddos but not entirely. The good thing is that we can block a ./udp.pl attack from the pfsense box (adding a rule to block the attackers IP) and the ddos will not affect us, the problem is that we want to create a rule that will auto block any DDOS.

      Any ideas on how can i do this with pfsense ? I have tried several rules on my lan (for testing) but no luck. I am flooding myself with ./udp.pl and hping3, for udp.pl i have tried the Maximum number of unique source hosts option and now the attack will show on the firewall log but pfsense is passing this traffic and not blocking it so i need some rule to block this.

      For hping3 i have tried Maximum number of established connections per host (TCP only), Maximum new connections per host / per second(s) (TCP only) with synproxy state but it seems that all this will do nothing about the SYN flood, i can't even see the SYN in the firewall logs.. nothing.

      Any sugestions on how to block this attacks automatically, maybe using Snort ?

      Thank you !

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense Plus
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy