User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

freebsd:pf_attack_mitigation [2014/11/10 09:48]
tschulz created
freebsd:pf_attack_mitigation [2014/11/10 09:52] (current)
Line 1: Line 1:
 ====== Packet Filter Attack Mitigation ====== ====== Packet Filter Attack Mitigation ======
 +===== Example =====
 <​file>​ <​file>​
 table <​abusive_hosts>​ persist table <​abusive_hosts>​ persist
 block in quick from <​abusive_hosts>​ block in quick from <​abusive_hosts>​
-pass in on $ext_if proto tcp to $web_server port www flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <​abusive_hosts>​ flush)+pass in on $ext_if proto tcp to $web_server port www \  
 +flags S/SA keep state 
 +(max-src-conn 100, max-src-conn-rate 15/5, overload <​abusive_hosts>​ flush)
 </​file>​ </​file>​
 +===== Break it down line by line =====
 +  - define a table to store abusive hosts
 +  - block the abusive hosts
 +  - pass traffic to the web server
 +  - you need "flags S/SA keep state"
 +  - if a host creates more than 100 at a time or creates 15 connections a sec it is placed in abusive_hosts
freebsd/pf_attack_mitigation.1415634534.txt.gz · Last modified: 2014/11/10 09:48 by tschulz