pfSense freezes under DDoS attack - Tuning?
-
Currently seeing 7.5 Mbit and 140K states, and the pipe becomes unstable using ping…
-
We could test against http://store.netgate.com and see how robust it is??
I mean, we report something and there is no reply at all about what can be done to make it more robust/resistant.
-
It's a weekend, man - I'm sure they will be getting back to you Monday. No need to DDoS their store, I think. haha
-
I wouldn't do that, but hey… what to do to get their attention to this pretty important issue :)
-
I imagine they want to give their GFs and wives a little personal time sometimes…
Maybe there is currently no fix? Nothing to say? Things are always quieter on the forum on weekends...
Plus in Texas, where a few of the main guys are located, it's like EARLY morning.
-
Only the earliest bird catches the fattest worms ;)
-
DDoS'ing someone else's servers is probably a great way to get the FBI involved.
-
It's for testing purposes :D
No harm done. They sell it, we test it against what they have…
No crime involved :D
-
For me it looks like the attack bypasses the syncookie feature, and then causes this massive ACK from pfSense = too much to handle… crash...
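The post above speculates about syncookies being bypassed. As an added illustration (not code from any poster, and not pfSense or FreeBSD code), the following simplified Python model shows what SYN cookies are designed to guarantee: no per-SYN state is kept, the SYN-ACK sequence number is a keyed MAC over the 4-tuple, client ISN and a time epoch, and the third-packet ACK is validated statelessly. The key, the cookie layout (8-bit epoch plus 24-bit MAC), the class and function names and the RFC 5737 addresses are all constructed for the demo; real stacks also encode MSS and rotate the secret. The point for a defender is that under correct syncookie operation the state table should not grow during a spoofed SYN flood, so if a box still falls over, the cost is per-packet processing and SYN-ACK generation rather than state exhaustion.

```python
"""Simplified SYN-cookie model: why half-open connections create no state
and why guessed ACKs are rejected. Not pfSense/FreeBSD code."""
import hmac
import hashlib
import random

# Constructed demo key; a real stack uses a per-host, periodically rotated secret.
SECRET = b"constructed-demo-secret"


def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, minute):
    """Return a 32-bit cookie used as the server's initial sequence number."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{client_isn}|{minute}".encode()
    mac24 = int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")
    # Top 8 bits carry the minute counter so the validator knows which epoch to check.
    return ((minute & 0xFF) << 24) | mac24


class SynCookieListener:
    """A listening socket that allocates state only after a valid third ACK."""

    def __init__(self):
        self.states = {}          # established 4-tuples only, never half-open ones
        self.syns_seen = 0
        self.rejected_acks = 0

    def on_syn(self, src_ip, src_port, dst_ip, dst_port, client_isn, now):
        # No half-open state is stored; the reply SYN-ACK carries the cookie as ISN.
        self.syns_seen += 1
        return make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, now // 60)

    def on_ack(self, src_ip, src_port, dst_ip, dst_port, client_isn, ack_num, now):
        # The client acknowledges ISN+1, so recover the cookie and recompute it.
        cookie = (ack_num - 1) & 0xFFFFFFFF
        minute = now // 60
        for epoch in (minute, minute - 1):   # tolerate one epoch of clock skew
            if cookie == make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, epoch):
                self.states[(src_ip, src_port, dst_ip, dst_port)] = "ESTABLISHED"
                return True
        self.rejected_acks += 1
        return False


def simulate(n_spoofed_syns=10_000, n_bogus_acks=10_000, seed=1):
    """Spoofed SYN flood, one genuine handshake, then an ACK flood with guessed numbers."""
    rng = random.Random(seed)
    srv = SynCookieListener()
    dst = ("203.0.113.10", 80)          # TEST-NET-3 documentation address
    now = 1_700_000_000                 # constructed epoch-seconds timestamp

    # 1. SYN flood from random spoofed sources: nothing is remembered per packet.
    for _ in range(n_spoofed_syns):
        src = (f"198.51.100.{rng.randrange(256)}", rng.randrange(1024, 65536))
        srv.on_syn(*src, *dst, rng.getrandbits(32), now)
    states_after_flood = len(srv.states)

    # 2. A genuine client completes the handshake with the cookie it was given.
    client = ("192.0.2.25", 51515)
    isn = 123456
    server_isn = srv.on_syn(*client, *dst, isn, now)
    legit_ok = srv.on_ack(*client, *dst, isn, (server_isn + 1) & 0xFFFFFFFF, now + 1)

    # 3. An ACK flood with guessed acknowledgement numbers fails validation.
    for _ in range(n_bogus_acks):
        src = (f"198.51.100.{rng.randrange(256)}", rng.randrange(1024, 65536))
        srv.on_ack(*src, *dst, rng.getrandbits(32), rng.getrandbits(32), now + 2)

    return {
        "syns_seen": srv.syns_seen,
        "states_after_syn_flood": states_after_flood,
        "legit_handshake_established": legit_ok,
        "states_total": len(srv.states),
        "bogus_acks_rejected": srv.rejected_acks,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Running it shows zero states after ten thousand spoofed SYNs, exactly one state after the genuine handshake, and every guessed ACK rejected; the server still had to compute and send a SYN-ACK for every SYN, which is the CPU and upstream bandwidth cost that syncookies do not remove.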
-
I have an out-of-the-box install of pfSense, and I have no custom WAN firewall rules; I also have no vpn_WAN rules either. Can anyone link me a guide for that?
I'm alone in my household and I only use WAN for outgoing DNS and for establishing an OpenVPN connection.
-
A DDoS guide for WAN rules and OpenVPN? What? Are you in the correct thread?
-
What are your WAN firewall rules? By default, pfSense should be dropping incoming data, not responding to it.
I'm wondering about this reply, since it suggests that rules are needed for the WAN interface.
-
What are your WAN firewall rules? By default, pfSense should be dropping incoming data, not responding to it.
I'm wondering about this reply, since it suggests that rules are needed for the WAN interface.
If you want to listen for connections, which is why I asked, because DDoS attacks have different characteristics if you accept connections than if you don't.
-
You can kill a pfSense FW even if no rules are applied on WAN… and that's weird.
-
?? Are you saying this specific SYN flood kills the firewall with states even if you have no PASS rules on the WAN interface? So it accepts the packet and creates a state even though it should be blocked?
I'm worried about this issue! Still no word or reply from the pfSense guys?
-
I think it doesn't actually create a state, I think it adds a route according to one person's idea of what's going on.
-
?? Are you saying this specific SYN flood kills the firewall with states even if you have no PASS rules on the WAN interface? So it accepts the packet and creates a state even though it should be blocked?
I'm worried about this issue! Still no word or reply from the pfSense guys?
I thought you guys had port 80 open or port forwarding on to a webserver?
So with a 5 Mbit connection you can take down any fresh install of pfSense?
F.
-
It doesn't create a state… it's difficult to explain.
On the test setup we have closed port 80. Hammering it makes it lose packets and become unresponsive. It takes around 60 Mbit of traffic.
If we open port 80, this can be achieved with only 5 Mbit using specific scripts...
-
Okay, that helps a bit… Not much, but a bit.
What about ESF? Still no word from the devs?
-
Chris has been in touch with Lowprofile and they will create a test environment.
Haven't heard anything else yet…