
Re: protection against DDoS with Syn-Flood



In my experience my OpenBSD firewalls are bored silly all the time;
granted, I've never really benchmarked them past 1k pps-ish (packets
per second). If they are using a total of 70 Mbit in/out for their
connection they would be pushing around 18k pps. The major
limitations on large-scale use of the pf code are normally NIC drivers,
ruleset layouts and occasionally CPU speed, but I've heard that in order to
really hit CPU issues you need to be reaching a really high pps number
(read 100k pps). So to answer your question: yes, I think the
syn-proxy code could do the job easily.

-Karsten


On Tue, 1 Feb 2005 17:59:07 +0100 (CET), Stefan Kell <skba_(_dot_)_opbsd_(_at_)_gmx_(_dot_)_de> wrote:
> Hi folks,
> 
> Starting on Monday, heise-online (http://www.heise.de), a well-known German
> news site, has been under a massive DDoS attack with SYN flooding. As far as I
> know, they are connected to the net at 100 Mbit/s via switches and load
> balancers directly at the central DE-CIX node in Frankfurt. Their load
> balancers crashed due to the heavy load, according to heise-online.
> 
> Question to the specialists here: could OpenBSD's syn-proxy feature handle
> the situation better, especially without crashes? What parameters could be
> optimized so that this load can be handled?
> 
> Thanks for your answers
> 
> Stefan Kell
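As an added illustration (not code from either poster), here is a pf.conf excerpt showing the synproxy state option Karsten refers to, together with the state-table and timeout knobs that Stefan's second question is about. The interface name, server address and all numeric limits are assumed values; option names and defaults differ between OpenBSD releases, so check pf.conf(5) for the version actually deployed.

```pf
# Added example: a web server behind pf's SYN proxy.
# $ext_if, $www and every numeric limit below are assumptions, not from the thread.
ext_if = "em0"
www    = "192.0.2.10"

# A SYN flood is mostly a state-exhaustion problem: raise the state ceiling
# and reap half-open / dead states quickly instead of holding them for minutes.
set limit states 200000
set optimization aggressive
set timeout { tcp.first 30, tcp.opening 10, tcp.finwait 15 }

block in log on $ext_if all

# synproxy state: pf completes the three-way handshake with the client itself
# and only opens the connection to $www once the client has sent its ACK, so
# spoofed SYNs never create state on the server. source-track plus
# max-src-states / max-src-nodes cap how much state any single source can hold.
pass in on $ext_if proto tcp from any to $www port { 80, 443 } \
    flags S/SA synproxy state \
    (max 150000, source-track rule, max-src-states 50, max-src-nodes 20000)
```

Two caveats a practitioner should keep in mind. First, synproxy protects the host behind the firewall, not the firewall: every flood packet is still received and answered by pf, so the NIC driver and interrupt budget Karsten mentions remain the real bound, and the state table still fills with the proxy's own half-open entries unless the timeouts above are short. Second, the per-source limits do nothing against a flood from spoofed random addresses, since every source looks new; in that case the global `max` and `set limit states` are what stop the box from running out of memory. Later pf releases also added `set syncookies`, which handles that spoofed case without keeping per-SYN state at all; consult pf.conf(5) for whether the installed version has it.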
