PF + ALT QUEUE for DDOS DNS attack
Kevin
k at kevinkevin.com
Tue Jul 14 23:15:39 UTC 2009
Greetings,
I am currently attempting to mitigate a DDoS attack on our network that is
comprised mainly of bogus DNS requests. The attacks seem to be coming in
waves of DNS queries on our internal systems.
I have tried several different ways of mitigating this, one of which is to
queue the DNS traffic via PF + ALTQ. I have attempted to limit the DNS
traffic to the particular host that is being attacked.
However, this doesn't seem to be very effective, as the nature of a DDoS
attack means that the queries being made are fairly simple and
straightforward.
I was hoping to get some tips / tricks from people who have encountered
similar scenarios. My firewall is (obviously) PF.
FreeBSD-specific information:
FreeBSD fw 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #4: Tue Dec 16 13:00:03 EST 2008 fw at fw:/usr/obj/usr/src/sys/FW i386
I'm looking for tips / tricks as far as what I can do on the firewall level,
of course.
Any help is greatly appreciated! :)
~kevin