dealing with DoS - practical tips & tools?

Michael Sierchio kudzu at
Fri Apr 3 15:54:12 UTC 2020

On Fri, Apr 3, 2020 at 1:56 AM Dave Cottlehuber <dch at> wrote:

yesterday I saw another mild DoS attack on our network. Typically we get
> UDP floods and similar generic attacks, and also websocket-specific "layer
> 7" attacks from random IPs.
> Typically a few applications go offline when sockets are exhausted, or
> when their rate limiting kicks in hard.
> Currently my setup is naive:
> - pf with manual blocklists as required
> - haproxy for layer7 blocklists
> - off-server logs indexed in graylog
> Which is pretty limited in both understanding what's happening *right
> now*, and also doing anything other than manual reaction to issues, *after*
> they impact users.
> ...

> Are there any FreeBSD tools that people could recommend? Any tunables that
> help with resilience?

I can't help with pf, since I use ipfw, but... I use gRED / RED courtesy of
Dummynet.  Depending on where you apply the pipe, it helps a great deal
with things like DDoD where blocking IP addresses doesn't reduce the
traffic a whit.


"Well," Brahmā said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent person requires only two thousand five hundred."

- The Mahābhārata

More information about the freebsd-questions mailing list