Hello All,
Currently utilizing IPfire for a school project and am currently trying to stop a dos from hping with the command: hping3 --flood -S -V --rand-source MY_IP but nothing really seems to stop it. I can sort of lower its effects my rate limiting, however none of the rules I could find in the IPS appeared to allow for detection/dropping of the bad network traffic.
Any suggestions, or do I need to look further upstream like say cloudflare?
rate limit or suricata won’t work for hping3 SYN flood attack as your example has shown, the source IP for each SYN packet is random and spoofed, the proper way to counter SYN flood is to have SYN cookie implementation, the netfilter has SYNPROXY module which can be used to counter SYN flood attack, but you need to setup iptables rules manually to use SYNPROXY module since IPFire does not provide such option from the WebUI. the solution I built actually also use netfilter SYNPROXY module, but with XDP acceleration to stop high speed/volume SYN flood attack, and with WebUI option to enable easily
Hello,
Thanks for the detailed response. So the answer was to go a bit lower than the web GUI. Your solution with the fork looks awesome, but sadly might be considered going out of bounds for the project . As for playing with netfilter, I’ll have to play around with it a bit (though might also be out of scope for the project).
Thanks so much for responding and if I ever have to actually defend a public network, seems like your fork may be the way to go for now.
Justin