Date: Wed, 21 Sep 2011 09:06:08 -0400
From: Mauricio López <mlopezqc@gmail.com>
To: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Blacklisting DOS IPs
Message-ID: <20110921130608.GA3759@mauricio-desktop>

I'm currently using a pfSense box as a gateway and I was recently the victim of a DNS DOS attack. That made me think about how I could blacklist those IPs automatically.

I looked through the pf documentation and the thing that seemed most like it was the max-src-conn-rate option, but then I realized that it's useless with UDP when some hosts send you vast amounts of packets.

I'm thinking about making a script using awk and pftop output to watch for states that have more than 1Mb of traffic (regular DNS queries aren't that big) and put those hosts in a table for blocking.

My question is whether there is some other more efficient solution for this problem.

Thanks in advance

--
Regards,
Mauricio López-Quintana Conesa
Network Administrator
Dirección de Patrimonio
Oficina del Historiador
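
A sketch of the kind of script the message describes, added here as an example and not part of the original e-mail. It assumes the two-line-per-state layout of `pfctl -s state -v` rather than pftop output, takes 1048576 bytes as the threshold, and sums bytes per remote host across all of its states; the function names and the sample states (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# heavy_dns_sources LIMIT_BYTES
# Reads state text on stdin and prints every remote IPv4 address whose inbound
# UDP states to local port 53 total more than LIMIT_BYTES (both directions).
heavy_dns_sources() {
    awk -v limit="${1:-1048576}" '
    # Assumed header line: IFACE PROTO LOCAL:PORT <- REMOTE:PORT STATE
    $2 == "udp" && $4 == "<-" && $3 ~ /:53$/ {
        src = $5
        sub(/:[0-9]+$/, "", src)          # drop the remote port
        next
    }
    # Any other state header ends the current DNS state.
    NF >= 5 && ($4 == "<-" || $4 == "->") { src = ""; next }
    # Detail line of the current state: "..., A:B pkts, X:Y bytes, ..."
    src != "" {
        for (i = 1; i < NF; i++)
            if ($(i + 1) ~ /^bytes/) {
                split($i, b, ":")
                total[src] += b[1] + b[2] # aggregate per host, not per state
            }
    }
    END {
        for (s in total)
            if (total[s] > limit) print s
    }' | sort
}

# Constructed sample input in the assumed layout.
sample_states() {
    cat <<'EOF'
all udp 192.0.2.1:53 <- 198.51.100.7:40000       NO_TRAFFIC:SINGLE
   age 00:00:40, expires in 00:00:20, 9000:0 pkts, 900000:0 bytes, rule 12
all udp 192.0.2.1:53 <- 198.51.100.7:40001       NO_TRAFFIC:SINGLE
   age 00:00:30, expires in 00:00:25, 4000:0 pkts, 400000:0 bytes, rule 12
all udp 192.0.2.1:53 <- 203.0.113.9:5353       MULTIPLE:MULTIPLE
   age 00:00:05, expires in 00:00:55, 2:2 pkts, 130:260 bytes, rule 12
all tcp 192.0.2.1:22 <- 203.0.113.50:51000       ESTABLISHED:ESTABLISHED
   age 01:00:00, expires in 23:59:00, 9000:9000 pkts, 5000000:5000000 bytes, rule 3
EOF
}
```

Each printed address can then be added to a blocking table with `pfctl -t <table> -T add <address>`. Because a sender that rotates source ports creates many small states, the per-host sum catches traffic that a per-state threshold would miss.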