Sunday, January 30, 2022

TCP/Syn attack strange behavior

Hello misc,

We are using OpenBSD 6.9 amd64 as firewall.
In the last few days, the firewall has started to fail. As a result of my investigations, I observed that the attack was made with hping from the local network (by a trainee student...) and this TCP SYN attack inflated the firewall states.
Then I added the following lines to pf.conf:
pass in quick proto tcp from any to any \
port www keep state \
(max 5000, source-track rule, max-src-nodes 75, \
max-src-states 3, tcp.established 60, tcp.closing 5)

Yes, this time the firewall states did not rise, but strangely, the result was the same. I'm connected to the device via the console port: I run commands like ifconfig, but the command output is very slow. CPU usage is 1% on OpenBSD. Memory usage is 10%, but the system behaves as if it is overloaded.

How can I avoid this situation? Thanks in advance.

P.S.
By the way, the attack size with hping is only 90 Mbit/s. The CPU is an Atom C3558.
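
A check on whether the limits in the rule above are what is dropping packets, as an added example that is not part of the original post: it reads `pfctl -si` output and reports the state count together with the `state-limit`, `src-limit`, `congestion` and `memory` drop counters. The sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the pf counters that
# correspond to the limits in the rule above. Input is `pfctl -si` text.

# Constructed sample in the layout `pfctl -si` prints; all values are made up.
sample_pfctl_si() {
cat <<'EOF'
Status: Enabled for 0 days 01:12:40              Debug: err

State Table                          Total             Rate
  current entries                     4998
  searches                        91234567        20925.4/s
  inserts                            52110           11.9/s
  removals                           47112           10.8/s
Counters
  match                           90871234        20842.0/s
  memory                                 0            0.0/s
  congestion                         18211            4.2/s
  state-limit                       701233          160.8/s
  src-limit                       88120045        20211.0/s
EOF
}

# Print "name total" for the state count and each limit-related drop counter.
#   state-limit: drops caused by a rule's "max" state cap
#   src-limit:   drops caused by max-src-nodes / max-src-states
pf_limit_report() {
    awk '
        $1 == "current" && $2 == "entries" { print "states", $3 }
        $1 == "state-limit" || $1 == "src-limit" ||
        $1 == "congestion"  || $1 == "memory"  { print $1, $2 }
    '
}

# Print a comma-separated list of the drop counters that are non-zero.
pf_limits_hit() {
    pf_limit_report | awk '
        $1 != "states" && $2 > 0 { printf "%s%s", sep, $1; sep = "," }
        END { print "" }
    '
}

# On the firewall itself: pfctl -si | pf_limit_report
sample_pfctl_si | pf_limit_report
```

Running it twice a few seconds apart and comparing the totals shows which counters are still climbing while the flood is in progress.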
