What is the biggest attack in GBPS you stopped
-
Exactly and it takes pfSense offline immediately!
Which it shouldnt do if everything was working as it should.
-
-
Be constructive Doktor!
This is an iinvitation to test with me. Then you can see and analyze yourself and help out.
And yes if this hits you then you are.
-
Again, if you have a piece of infrastructure that has a vulnerability and you cannot mitigate it upstream, I would seriously question the security design of your network.
… or a better solution, change the hardware.
Change the architecture.
I have a Palo Alto on the border because I want a security appliance there, and then there's an F5 behind that, and of course pfSense next. This is just a general, high level view; there's more than this. I support customers in finance and life sciences.
If I cannot handle an attack with those security layers, I escalate to the ISP.
With my SMB customers I'm looking at the Mirkotek as a $40 "fix" to stop the SYN packets in front of their pfSense installations. As I mentioned before, I might be inclined to test it out with Supermule to see if it is effective.
-
I would be glad to help Tim :)
-
So I tested it with Supermule.
Well I have 3 links (40/100, 20/20, 20/20)He took me down in 1 second with approx 3.09 Mbit traffic.
I have webserver behind this and all I see in that log is few lines of ACKs sent back and then silence.He syn flooded me on one (1) line out of 3 and everything went down.
Very nice >:(
-
So attack on one IP with 3.09mbit of traffic took down master AND slave as well despite not even running on that public IP??
Correct?
-
Yes, everything went down in less than 5 seconds.
-
You could be right on this one.
Yeah, we are all doomed. @Supermule:
Exactly and it takes pfSense offline immediately!
-
The kid in me wants more DDoS anecdotes.
The adult in me wants more debugging.Do syncookies and/or syn-cache help any?
I have a few days free. Send me the damn thing and I will read the FreeBSD handbook and solve what I can.
-
@supermule have you opened a bug report on redmine with some specifics & mailed the script/software/procedure to the devs ?
i doubt we'll get this sorted without their assistance.also, someone (who knows freebsd) should try to replicate it on stock freebsd
-
SSDD….
-
Yeah, we are all doomed. @Supermule:
Exactly and it takes pfSense offline immediately!
Yes you are. Never seen an active idiot like you on a forum. All your post (went through 100's, quite boring) are only negative, either you post google pics, "WTF", "NO", or "HELL"
Be a man, do some test before putting out shit…
-
@supermule have you opened a bug report on redmine with some specifics & mailed the script/software/procedure to the devs ? i doubt we'll get this sorted without their assistance.
No, of course not. It's much better to start a 20page "PM me to get DoS-ed" thread. ::)
Be a man, do some test before putting out shit…
What'd be purpose of the test? To post here yet another "oh noes, pfS died, t3h suxxx"?
-
I think the main point is there is no reason to scream fire in the same theater twice.
I'm sure whatever can be done will be done.
I'm just a casual bystander and for me the thread got boring already because I know the main pfsense guys and more than likely people inside BSD are on it by now.
The people who are continuing the thread already shed light on things but will not be the same people who resolve the issue.
So me personally… I think its time already to let the coders do their magic and wait.
-
Monthly updates for a long standing critical flaw would be nice. But I can appreciate busy programmers, been there, done that.
-
This is either really grave and so incurable that no one wants to officially talk about it and report back to community or they haven't figured out what Supermule does to bring it down.
Either ways this is very concerning. It's funny how you see no signs of devs being cocky about this like other issues. I hope that means they are hard at work. Really, pfsense will be useless if this is what happens…
I think we all owe Supermule a BIG thank you! Anyone says anything else is trying to hide this serious issue.
If devs have nothing to say to what Supermule has established then this is probably a business decision to shoot down the free version. I wonder if previous versions - all the way back to 1.2.3 - are also effected y this (Supermule would you please test?). If they are not then this is most likely a business decision. If they are, then it's probably an inherent issue with FreeBSD that needs attention.
-
This is either really grave and so incurable that no one wants to officially talk about it and report back to community or they haven't figured out what Supermule does to bring it down.
Either ways this is very concerning. It's funny how you see no signs of devs being cocky about this like other issues. I hope that means they are hard at work. Really, pfsense will be useless if this is what happens…
I think we all owe Supermule a BIG thank you! Anyone says anything else is trying to hide this serious issue.
If devs have nothing to say to what Supermule has established then this is probably a business decision to shoot down the free version. I wonder if previous versions - all the way back to 1.2.3 - are also effected y this (Supermule would you please test?). If they are not then this is most likely a business decision. If they are, then it's probably an inherent issue with FreeBSD that needs attention.
FUD, pure ans simple.
Unfortunately, although an issue has been identified, the root cause has not. Rather than fan the flames of "this sucks and so do the dev", what may I ask are you doing to determine the root cause?
pfSense is an open source community project. It's unfortunate that apparently most of the community is made up of weaksauce, cheese-eating surrender monkeys. Lots of whine with that cheese…
-
what may I ask are you doing to determine the root cause?
Yeah. The whole point here is that NOTHING is done to fix this. So this Supermule guy has a new toy, and goes like this:
_> Hey, I've got these top secret scripts. PM me to get DoS-ed
OK, here's the IP
Haha, pfSense died in seconds, gotcha! Watch this YT video. How did it feel? Did it suck?
Yeah, pretty much._This has been going on for about two months, with a bunch of crappy YT videos produced, nothing determined, and producing a completely useless thread with a bunch of ridiculous shit like the conspiracy stuff or suggestions to replace pf with the mighty Windows firewall.
Supermule, hand over the stuff to someone who has a clue => pfSense/FreeBSD devs. No offense, but you certainly do NOT have the know-how to determine the cause of the problem, let alone fix it. Enough of this crap already! Not entertaining, and a pure waste of time.
:( >:( >:(
-
SuperMule gave a link to a 3rd-party DOS testing service that has this exact same attack. Sounds like a fairly standard attack to me if 3rd-part DOS testing services already have this attack. He has provided packet dumps that included all valid UDP or TCP packets, just from a range of source IPs and ports.
Sounds strait forward. PFSense copes well with a single IP address attacking, but blows up with many different IPs. Completely guess since I didn't bother to pay for the service to test out doing a DOS instead of DDOS of said attack.