dealing with DoS - practical tips & tools?
kudzu at tenebras.com
Fri Apr 3 15:54:12 UTC 2020
On Fri, Apr 3, 2020 at 1:56 AM Dave Cottlehuber <dch at skunkwerks.at> wrote:
yesterday I saw another mild DoS attack on our network. Typically we get
> UDP floods and similar generic attacks, and also websocket-specific "layer
> 7" attacks from random IPs.
> Typically a few applications go offline when sockets are exhausted, or
> when their rate limiting kicks in hard.
> Currently my setup is naive:
> - pf with manual blocklists as required
> - haproxy for layer7 blocklists
> - off-server logs indexed in graylog
> Which is pretty limited in both understanding what's happening *right
> now*, and also doing anything other than manual reaction to issues, *after*
> they impact users.
> Are there any FreeBSD tools that people could recommend? Any tunables that
> help with resilience?
I can't help with pf, since I use ipfw, but... I use gRED / RED courtesy of
Dummynet. Depending on where you apply the pipe, it helps a great deal
with things like DDoD where blocking IP addresses doesn't reduce the
traffic a whit.
"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."
- The Mahābhārata
More information about the freebsd-questions