Date: Fri, 3 Apr 2020 11:00:28 -0400
From: David Mehler <dave.mehler@gmail.com>
To: Dave Cottlehuber <dch@skunkwerks.at>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: dealing with DoS - practical tips & tools?
Message-ID: <CAPORhP45qLHf0WiEGHEpXAeBcki=-5xXXB1ij0LCLs2N0S_MBg@mail.gmail.com>
In-Reply-To: <bb5105b4-78ab-4e6c-b4f6-70db867d690c@www.fastmail.com>
References: <bb5105b4-78ab-4e6c-b4f6-70db867d690c@www.fastmail.com>

Hello,

Where do you get your pf blocklists from?

As for an idea try fail2ban see if that helps.

Hth
Dave.

On 4/3/20, Dave Cottlehuber <dch@skunkwerks.at> wrote:
> yesterday I saw another mild DoS attack on our network. Typically we get UDP
> floods and similar generic attacks, and also websocket-specific "layer 7"
> attacks from random IPs.
>
> Typically a few applications go offline when sockets are exhausted, or when
> their rate limiting kicks in hard.
>
> Currently my setup is naive:
>
> - pf with manual blocklists as required
> - haproxy for layer7 blocklists
> - off-server logs indexed in graylog
>
> Which is pretty limited in both understanding what's happening *right now*,
> and also doing anything other than manual reaction to issues, *after* they
> impact users.
>
> Before we go full cloudflare or whatever, where DDoS protection which costs
> an arm and a leg, what do people recommend as the next open-source steps?
>
> I'd like a couple of features - better real-time visibility, and some
> automation.
>
> perhaps:
>
> - last few hours of tcpdump level traffic, searchable in some form,
> off-server
>
> - something partially automated that can update pf & haproxy tables when
> Obviously Bad Things happen
>
> Are there any FreeBSD tools that people could recommend? Any tunables that
> help with resilience?
>
> A+
> Dave
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
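
Added example, not code from either poster or from fail2ban: a sketch of the "count hits per source in a time window, then add the source to a pf table" automation discussed in this thread. The log format, the sample lines, the allowlisted range and the table name `blocklist` are all assumptions; the commands are built but not executed.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample lines: "<epoch seconds> <source address> <request>".
SAMPLE_LOG = """\
1585900000 203.0.113.7 GET /ws
1585900001 203.0.113.7 GET /ws
1585900001 198.51.100.4 GET /
1585900002 203.0.113.7 GET /ws
1585900002 192.0.2.10 GET /ws
1585900002 192.0.2.10 GET /ws
1585900003 203.0.113.7 GET /ws
1585900003 192.0.2.10 GET /ws
1585900003 192.0.2.10 GET /ws
1585900004 not-an-ip GET /ws
1585900030 198.51.100.4 GET /
""".splitlines()

ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # assumed: own monitoring range


def offenders(lines, threshold=4, window=10, allowlist=ALLOWLIST):
    """Return addresses with >= threshold requests inside any `window` seconds."""
    recent = defaultdict(deque)  # per-address timestamps still inside the window
    flagged = set()
    for line in lines:
        fields = line.split()
        try:
            ts, addr = int(fields[0]), ipaddress.ip_address(fields[1])
        except (IndexError, ValueError):
            continue  # malformed line: never pass unparsed text on to pfctl
        if any(addr in net for net in allowlist):
            continue  # never block our own hosts, however noisy they are
        hits = recent[addr]
        hits.append(ts)
        while hits and ts - hits[0] >= window:
            hits.popleft()
        if len(hits) >= threshold:
            flagged.add(addr)
    return sorted(str(a) for a in flagged)


def pfctl_commands(addresses, table="blocklist"):
    """Build (not run) one pfctl argv per address; the table name is assumed."""
    return [["pfctl", "-t", table, "-T", "add", a] for a in addresses]

if __name__ == "__main__":
    for argv in pfctl_commands(offenders(SAMPLE_LOG)):
        print(" ".join(argv))
```

Passing the argv lists to the process runner directly, rather than through a shell string, keeps log-derived text from being interpreted as shell syntax.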