Date: Tue, 14 Jul 2009 18:55:40 -0400
From: "Kevin" <k@kevinkevin.com>
To: <freebsd-pf@freebsd.org>
Subject: PF + ALT QUEUE for DDOS DNS attack
Message-ID: <00a001ca04d6$37a122e0$a6e368a0$@com>

Greetings,

I am currently attempting to mitigate a DDoS attack on our network that is comprised mainly of bogus DNS requests. The attacks seem to be coming in waves of DNS queries on our internal systems.

I have tried several different ways of mitigating this, one of which is to queue the DNS traffic via PF + ALTQ. I have attempted to limit the DNS traffic to the particular host that is being attacked. However, this doesn't seem to be very effective, as the nature of a DDoS attack means that the queries being made are fairly simple and straightforward.

I was hoping to get some tips / tricks from people who have encountered similar scenarios. My firewall is (obviously) PF.

FreeBSD specific information:

FreeBSD fw 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #4: Tue Dec 16 13:00:03 EST 2008 fw@fw:/usr/obj/usr/src/sys/FW i386

I'm looking for tips / tricks as far as what I can do on the firewall level, of course.

Any help is greatly appreciated! :)

~kevin