Netgate SG-1000 microFirewall

Author Topic: How can i protect my Pfsense on DDOS of my Clients  (Read 210 times)

0 Members and 1 Guest are viewing this topic.

Offline nelltoledo

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
How can i protect my Pfsense on DDOS of my Clients
« on: November 14, 2017, 06:47:32 am »
i have many attack from my clients last month and my firewall got hang, can anyone give me an idea to protect my pfsense firewall from being attack by DDOS.

Thanks and Regard,

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14479
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: How can i protect my Pfsense on DDOS of my Clients
« Reply #1 on: November 14, 2017, 08:39:02 am »
That is not an attack.. That is a alert on how many flows.. Those numbers mean nothing without context.. Those might be normal for what the devices is doing.. Simple p2p client could create hundreds of connections to different IPs in a few seconds..

I would suggest you do some research on what the flow flood alert is in ntop.. More than likely you just have the alert levels set too low for the type of traffic your clients are creating/doing..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2219
  • Karma: +204/-12
    • View Profile
Re: How can i protect my Pfsense on DDOS of my Clients
« Reply #2 on: November 14, 2017, 10:42:41 am »
Quote
my firewall got hang
pfSense stopped responding? Internet went down? More details to what you tried and didn't work?

Offline nelltoledo

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: How can i protect my Pfsense on DDOS of my Clients
« Reply #3 on: November 14, 2017, 05:11:06 pm »
Thanks for the reply sir  johnpoz

and mr. harvy66 yes my internet went down after my firewall receive many flow floods

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14479
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: How can i protect my Pfsense on DDOS of my Clients
« Reply #4 on: November 15, 2017, 09:42:19 am »
"firewall receive many flow floods"

Was that some other log.. 26 flows in 3 seconds is not anything to write home about.. Shoot a browser opening up a few pages could do that every time you launch it.. Shoot depending on the website and how they host images.. Say a forum page with user avatars hosted all over, or signature with images in them..

Not sure what your issue was - but not related to the number of flows..  Now if you had 26000 in 3 seconds that could be a problem ;)

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2219
  • Karma: +204/-12
    • View Profile
Re: How can i protect my Pfsense on DDOS of my Clients
« Reply #5 on: November 15, 2017, 01:32:48 pm »
I think we need some actual numbers of how many states you have, how many new ones are being created, and what your throughput is.