How best to defend against DOS

Hello All,
Currently utilizing IPfire for a school project and am currently trying to stop a dos from hping with the command: hping3 --flood -S -V --rand-source MY_IP but nothing really seems to stop it. I can sort of lower its effects my rate limiting, however none of the rules I could find in the IPS appeared to allow for detection/dropping of the bad network traffic.

Any suggestions, or do I need to look further upstream like say cloudflare?

@ebil_sep I have built IPFire solution specifically for hping3 SYN flood attack, see, the source code is here GitHub - vincentmli/BPFire at bpfire, you can either build your own iso/flash image or download iso/image here BPFire – Google Drive, I attempted to ask IPFire devs to enable kernel eBPF/XDP so DDoS solution can be built, no success so far :).

rate limit or suricata won’t work for hping3 SYN flood attack as your example has shown, the source IP for each SYN packet is random and spoofed, the proper way to counter SYN flood is to have SYN cookie implementation, the netfilter has SYNPROXY module which can be used to counter SYN flood attack, but you need to setup iptables rules manually to use SYNPROXY module since IPFire does not provide such option from the WebUI. the solution I built actually also use netfilter SYNPROXY module, but with XDP acceleration to stop high speed/volume SYN flood attack, and with WebUI option to enable easily :slight_smile:

Thanks for the detailed response. So the answer was to go a bit lower than the web GUI. Your solution with the fork looks awesome, but sadly might be considered going out of bounds for the project :sob:. As for playing with netfilter, I’ll have to play around with it a bit (though might also be out of scope for the project).
Thanks so much for responding and if I ever have to actually defend a public network, seems like your fork may be the way to go for now.

In most scenario, IPFire home users will not be the target of DDoS attack, small/medium size business could be potential target.