Date:      Fri, 22 Aug 2003 11:45:12 -0600
From:      "Aaron Wohl" <freebsd@soith.com>
To:        "Andrew" <nev@hotbox.ru>, freebsd-ipfw@freebsd.org
Subject:   Re: Surviving HUGE DDoS
Message-ID:  <20030822174512.4DA9838266@www.fastmail.fm>
In-Reply-To: <200308221345.h7MDjLUQ076142@www3.hotbox.ru>
References:  <200308221345.h7MDjLUQ076142@www3.hotbox.ru>

One thing that's of some help with syn flood is to allocate a fixed amount
of bandwidth for new connections from rc.firewall:

${fwcmd} pipe 2 config bw 32Kbit/s queue 25KBytes
${fwcmd} add 2800 pipe 2 tcp from any to me setup in

That at least makes it so the rest of your existing and outgoing
connections aren't disrupted.  If the DoS attacks are from fixed IP
addresses you can add filters for those before the above bandwidth limit.

Sounds like the attacker's machine has a great network connection... do
they do colocation?

On Fri, 22 Aug 2003 17:45:21 +0400 (MSD), "Andrew" <nev@hotbox.ru> said:
> Hi,
> 
> Is it possible to have a FreeBSD firewall set up on a 1Gb network
> to survive huge DDoS attacks?
> We are being DoSed with a syn flood of about 1,500,000 packets/sec
> with traffic more than 500Mb/s.

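Added example, not part of the original message: an rc.firewall-style fragment that puts per-source filters ahead of the SYN bandwidth limit described in the reply above, so blocked sources are dropped before they can use the pipe. The BLOCKED addresses (RFC 5737 documentation ranges), the 2700 rule base and the function name are assumptions; the pipe and rule 2800 values are the ones from the message.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed input: documentation addresses standing in for fixed attack sources.
BLOCKED="192.0.2.10 198.51.100.0/24"

# 2800 and pipe 2 come from the post; DENY_BASE is an assumption (any number
# below 2800 works, since ipfw stops at the first matching rule).
DENY_BASE=2700
SYN_RULE=2800

# Dry run by default: print the commands. rc.firewall sets fwcmd="/sbin/ipfw".
fwcmd="${fwcmd:-echo ipfw}"

syn_limit_rules() {
    # Refuse to emit anything if the deny rules would run into rule 2800.
    set -- $BLOCKED
    if [ $((DENY_BASE + $#)) -gt "$SYN_RULE" ]; then
        echo "too many blocked sources for rules $DENY_BASE-$((SYN_RULE - 1))" >&2
        return 1
    fi

    # Known-bad sources are dropped before they can consume pipe bandwidth.
    n=$DENY_BASE
    for src in "$@"; do
        ${fwcmd} add "$n" deny ip from "$src" to me in
        n=$((n + 1))
    done

    # Every remaining inbound SYN shares one 32Kbit/s pipe; SYNs that overflow
    # the 25KByte queue are dropped. Established connections never match
    # "setup", so they bypass the pipe.
    # With net.inet.ip.fw.one_pass=1 a packet leaving the pipe is accepted
    # without being checked against later rules; set it to 0 if later rules
    # must still see new connections.
    ${fwcmd} pipe 2 config bw 32Kbit/s queue 25KBytes
    ${fwcmd} add "$SYN_RULE" pipe 2 tcp from any to me setup in
}

syn_limit_rules
```

Legitimate new connections compete for the same 32Kbit/s during a flood, so the limit protects established sessions rather than new ones.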