AttempGame, 2019-03-23 00:10:25
Computer networks

Has anyone ever practiced DDoS protection by filtering traffic?

I have a server at home; my ISP cannot protect me from DDoS. I decided to try to fight it on my own. A friend set up an old PC with 3 network cards as a gateway for me. In general, everything runs on a FreeBSD-based OS, OPNsense or pfSense + Snort. Has anyone done this? Does the scheme work?


6 answers
dollar, 2019-03-23
@dollar

If you are hit by a DDoS that exceeds your channel bandwidth, you will not be able to cope on your own. You have about 100 Mbps home internet. You would need a channel of at least 10 Gbps. So the only advice in your case is to change your external IP and stop provoking DDoS.

Ruslan Fedoseev, 2019-03-23
@martin74ua

There is exactly one question. I found out your IP and sent 1 Gbit of UDP traffic to your port 79.
Your actions?

Dmitry Shitskov, 2019-03-23
@Zarom

It depends on the type of attack. As you have already been told, if the attack is designed to saturate the channel, you cannot protect yourself from it. Even if you drop the packets, it is too late: the traffic has already reached you and the channel is clogged.
It is another matter if there is little traffic but the requests are heavy and load your server. In that case, yes, by limiting the rate of packets per connection and the number of connections you will protect your server.
Snort, it seems to me, will not be useful in your situation, because it requires fairly high performance and its functionality is not at all aimed at protecting against DDoS. fail2ban suits you better.
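
The per-source connection-count and connection-rate limiting described in this answer, as an added pf.conf example for a FreeBSD gateway such as pfSense/OPNsense (this is not from the thread or from either project's default rules; the interface name, server address and ports are assumptions). As the answer says, this only helps against the "little traffic, heavy requests" case, not against saturation of the link itself.

```pf
# Added example (not from the thread). Interface and address are assumptions;
# 192.0.2.10 is a constructed TEST-NET-1 address.
ext_if    = "em0"
web_srv   = "192.0.2.10"
web_ports = "{ 80, 443 }"

# Sources that exceed the limits below are collected in this table.
# Inspect with:  pfctl -t abusive -T show
table <abusive> persist

# Drop offenders first, statelessly, so they cost as little as possible.
block in quick on $ext_if from <abusive>

# Default deny on the external interface.
block in on $ext_if

# Allow web traffic, with state-tracking limits:
#   max 2000               : at most 2000 states for this rule in total,
#                            so many sources together cannot exhaust the state table
#   max-src-conn 50        : at most 50 simultaneous connections per source IP
#   max-src-conn-rate 15/5 : at most 15 new connections per 5 seconds per source IP
#   overload <abusive> flush global : a source breaking either per-source limit is
#                            added to the table and all of its existing states are killed
pass in on $ext_if proto tcp from any to $web_srv port $web_ports \
    flags S/SA keep state \
    (max 2000, max-src-conn 50, max-src-conn-rate 15/5, overload <abusive> flush global)
```

Entries stay in the table until removed; a periodic `pfctl -t abusive -T expire 3600` (for example from cron) releases sources that have been quiet for an hour, so a briefly misbehaving client is not blocked forever.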

rPman, 2019-03-23
@rPman

You can run your server at home, but do not let anyone in from the public internet; moreover, it is recommended to keep its location (provider) and IP address secret. Instead, buy a DDoS protection service from a company of your choice (some even offer it for free up to a certain point, more precisely until the first attack) and proxy traffic to your service.
By the way, this can be even cheaper than hosting your service with a company that provides anti-DDoS protection (because that is how they make money).

Stanislav Bodrov, 2019-03-29
@jenki

"my ISP cannot protect me from DDoS"
It doesn't have to. Rather, be thankful that it is not throttling your traffic or banning you outright. It can do that, and under an intense attack it should.
"In general, everything runs on a FreeBSD-based OS, OPNsense or pfSense + Snort. Has anyone done this? Does the scheme work?"
Not at all. An attack on the channel simply exhausts the capacity of the network channel to the server. The server itself may still chew through packets briskly, but legitimate packets will have a hard time getting through amid the junk traffic.
