Fighting DDOS attacks with pf
J David
j.david.lists at gmail.com
Mon Aug 20 16:23:16 UTC 2012
On Mon, Aug 20, 2012 at 12:07 PM, Kevin Wilcox <kevin.wilcox at gmail.com> wrote:
> Rather than block on the number of states, take a look at dropping
> based on the number of connections over some time delta.
>
> Specifically, max-src-conn and max-src-conn-rate.
Anything based on the source address is ineffective as the number of
attack packets from any given IP is very low (frequently 1 if they are
forged).
The goal for us is to clamp down on attacks directed at a given IP
quickly and effectively enough that only that IP is affected.
Thanks.
More information about the freebsd-pf
mailing list