dealing with DoS - practical tips & tools?
Michael Sierchio
kudzu at tenebras.com
Fri Apr 3 15:54:12 UTC 2020
On Fri, Apr 3, 2020 at 1:56 AM Dave Cottlehuber <dch at skunkwerks.at> wrote:
> yesterday I saw another mild DoS attack on our network. Typically we get
> UDP floods and similar generic attacks, and also websocket-specific "layer
> 7" attacks from random IPs.
>
> Typically a few applications go offline when sockets are exhausted, or
> when their rate limiting kicks in hard.
>
> Currently my setup is naive:
>
> - pf with manual blocklists as required
> - haproxy for layer7 blocklists
> - off-server logs indexed in graylog
>
> Which is pretty limited in both understanding what's happening *right
> now*, and also doing anything other than manual reaction to issues, *after*
> they impact users.
>
> ...
>
> Are there any FreeBSD tools that people could recommend? Any tunables that
> help with resilience?
>
I can't help with pf, since I use ipfw, but... I use gRED / RED courtesy of
Dummynet. Depending on where you apply the pipe, it helps a great deal
with things like DDoD where blocking IP addresses doesn't reduce the
traffic a whit.
--
"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."
- The Mahābhārata
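What a "RED courtesy of Dummynet" setup looks like in practice, as an added example that is not part of the thread and not code from either poster or from the FreeBSD project: a small ipfw/dummynet ruleset that steers inbound UDP into a pipe managed by gentle RED. The interface name (em0), the bandwidth, the queue size and the RED thresholds are assumptions chosen for illustration and have to be tuned to the real link and traffic.

```shell
#!/bin/sh
# Added example (not from the thread): ipfw + dummynet ruleset that puts
# inbound UDP through a GRED-managed pipe. em0, 10Mbit/s, 100 slots and the
# RED thresholds are assumptions for illustration only.

IFACE="${IFACE:-em0}"   # assumed edge interface
PIPE=1                  # dummynet pipe number
RULE=1000               # ipfw rule number that steers traffic into the pipe

# dummynet pipe with GRED. The argument is w_q/min_th/max_th/max_p:
#   w_q    weight of the moving average of the queue length
#   min_th below this average queue length nothing is dropped
#   max_th at this length the drop probability reaches max_p; gred keeps
#          raising it above max_th, plain 'red' drops everything there
#   max_p  drop probability reached at max_th
# Thresholds are in queue slots because 'queue' is given in slots.
pipe_config() {
  bw="$1"; slots="$2"; red="$3"
  printf 'pipe %s config bw %s queue %s gred %s\n' "$PIPE" "$bw" "$slots" "$red"
}

# Same pipe keyed by source address: every remote host gets its own instance
# of the pipe, so a single flooding source fills only its own queue.
pipe_config_per_source() {
  printf '%s mask src-ip 0xffffffff\n' "$(pipe_config "$1" "$2" "$3")"
}

# Steer inbound UDP arriving on the edge interface into the pipe. Applying it
# here, in front of every service, is what keeps a flood from exhausting
# sockets on all applications at once; a narrower match (one port) protects
# only that service.
udp_rule() {
  printf 'add %s pipe %s udp from any to me in recv %s\n' "$RULE" "$PIPE" "$IFACE"
}

# The complete ruleset, one ipfw subcommand per line. PER_SOURCE=1 selects
# the per-source variant of the pipe.
ruleset() {
  if [ "${PER_SOURCE:-0}" = 1 ]; then
    pipe_config_per_source "${BW:-10Mbit/s}" "${SLOTS:-100}" "${RED:-0.002/10/30/0.1}"
  else
    pipe_config "${BW:-10Mbit/s}" "${SLOTS:-100}" "${RED:-0.002/10/30/0.1}"
  fi
  udp_rule
}

# Dry run by default; APPLY=1 feeds the commands to ipfw (the dummynet module
# must be loaded first: kldload dummynet).
if [ "${APPLY:-0}" = 1 ]; then
  ruleset | while read -r line; do ipfw -q $line; done
else
  ruleset
fi
```

Run it without arguments to see the commands, `APPLY=1 ./script.sh` as root to install them. One caveat with ipfw: with the default `net.inet.ip.fw.one_pass=1` a packet leaves the firewall after the pipe, so rules numbered after 1000 never see it; set that sysctl to 0 if later rules (blocklists, logging) still have to run on the shaped traffic.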