dealing with DoS - practical tips & tools?

David Mehler dave.mehler at gmail.com
Fri Apr 3 15:00:50 UTC 2020


Hello,

Where do you get your pf blocklists from?

As for an idea try fail2ban see if that helps.

Hth
Dave.


On 4/3/20, Dave Cottlehuber <dch at skunkwerks.at> wrote:
> yesterday I saw another mild DoS attack on our network. Typically we get UDP
> floods and similar generic attacks, and also websocket-specific "layer 7"
> attacks from random IPs.
>
> Typically a few applications go offline when sockets are exhausted, or when
> their rate limiting kicks in hard.
>
> Currently my setup is naive:
>
> - pf with manual blocklists as required
> - haproxy for layer7 blocklists
> - off-server logs indexed in graylog
>
> Which is pretty limited in both understanding what's happening *right now*,
> and also doing anything other than manual reaction to issues, *after* they
> impact users.
>
> Before we go full cloudflare or whatever, where DDoS protection costs
> an arm and a leg, what do people recommend as the next open-source steps?
>
> I'd like a couple of features - better real-time visibility, and some
> automation.
>
> perhaps:
>
> - last few hours of tcpdump level traffic, searchable in some form,
> off-server
>
> - something partially automated that can update pf & haproxy tables when
> Obviously Bad Things happen
>
> Are there any FreeBSD tools that people could recommend? Any tunables that
> help with resilience?
>
> A+
> Dave
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
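As an added illustration of the fail2ban-style automation this thread is about (example code written for this page, not fail2ban's own code and not anything posted to the list): the script below parses haproxy `httplog` lines, counts requests per client address in a sliding time window, and builds the `pfctl` commands that would put offenders into a pf table. The table name `blocked`, the thresholds, and the sample log lines are all assumptions constructed for the example; the script only prints the commands rather than running them, so it can be checked against real logs first.

```python
"""Sliding-window request counter over haproxy logs -> pf table commands.

Added example for the freebsd-questions thread on DoS handling. Assumes
haproxy "option httplog" output, a pf table named "blocked", and thresholds
chosen for illustration. Commands are built, not executed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 fires six requests in about a second,
# 198.51.100.22 makes two normal requests, plus one non-request line.
SAMPLE_LOG = """\
Apr  3 14:57:59 edge haproxy[1234]: Proxy fe_https started.
Apr  3 14:58:01 edge haproxy[1234]: 203.0.113.7:51234 [03/Apr/2020:14:58:01.100] fe_https be_ws/ws1 0/0/1/2/3 200 512 - - ---- 1/1/0/0/0 0/0 "GET /ws HTTP/1.1"
Apr  3 14:58:01 edge haproxy[1234]: 198.51.100.22:40001 [03/Apr/2020:14:58:01.200] fe_https be_ws/ws1 0/0/1/2/3 200 512 - - ---- 2/2/0/0/0 0/0 "GET /ws HTTP/1.1"
Apr  3 14:58:01 edge haproxy[1234]: 203.0.113.7:51235 [03/Apr/2020:14:58:01.300] fe_https be_ws/ws1 0/0/1/2/3 200 512 - - ---- 2/2/0/0/0 0/0 "GET /ws HTTP/1.1"
Apr  3 14:58:01 edge haproxy[1234]: 203.0.113.7:51236 [03/Apr/2020:14:58:01.500] fe_https be_ws/ws1 0/0/1/2/3 200 512 - - ---- 2/2/0/0/0 0/0 "GET /ws HTTP/1.1"
Apr  3 14:58:01 edge haproxy[1234]: 203.0.113.7:51237 [03/Apr/2020:14:58:01.700] fe_https be_ws/ws1 0/0/1/2/3 200 512 - - ---- 2/2/0/0/0 0/0 "GET /ws HTTP/1.1"
Apr  3 14:58:01 edge haproxy[1234]: 203.0.113.7:51238 [03/Apr/2020:14:58:01.900] fe_https be_ws/ws1 0/0/1/2/3 200 512 - - ---- 2/2/0/0/0 0/0 "GET /ws HTTP/1.1"
Apr  3 14:58:02 edge haproxy[1234]: 203.0.113.7:51239 [03/Apr/2020:14:58:02.100] fe_https be_ws/ws1 0/0/1/2/3 200 512 - - ---- 2/2/0/0/0 0/0 "GET /ws HTTP/1.1"
Apr  3 14:58:03 edge haproxy[1234]: 198.51.100.22:40002 [03/Apr/2020:14:58:03.000] fe_https be_ws/ws1 0/0/1/2/3 200 512 - - ---- 1/1/0/0/0 0/0 "GET /ws HTTP/1.1"
"""

# In httplog format the client address and the accept timestamp are the
# first two fields after the syslog prefix; anything else is ignored.
LOG_RE = re.compile(
    r"haproxy\[\d+\]: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ "
    r"\[(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}\.\d{3})\]"
)
TS_FMT = "%d/%b/%Y:%H:%M:%S.%f"


def parse_line(line):
    """Return (client_ip, timestamp) for a request line, or None otherwise."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def find_offenders(lines, max_hits=5, window_seconds=10):
    """Flag an IP once it has more than max_hits requests inside any
    window_seconds span. Lines are expected in time order, as haproxy
    writes them. Returns {ip: peak_requests_in_window}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # start-up chatter, health checks, etc.
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_hits:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders


def pf_commands(offenders, table="blocked"):
    """Build (do not run) the pfctl table additions for each offender."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(offenders)]


if __name__ == "__main__":
    for cmd in pf_commands(find_offenders(SAMPLE_LOG.splitlines())):
        print(cmd)
```

The pf side of this is the same thing fail2ban's pf action does with a filter regex and a jail: a `table <blocked> persist` referenced by a `block in quick from <blocked>` rule, with entries cleared by `pfctl -t blocked -T expire <seconds>` from cron so a false positive does not stay blocked for ever. Pairing this with the haproxy table used for layer-7 blocking (or letting fail2ban drive both) covers the "update pf & haproxy tables when Obviously Bad Things happen" step from the original question.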

