DoS/DDoS mitigation with pfSense
Hi guys, I hope you are all sitting on a secure network that attackers can't knock you off of :D
Well, as you already know, DoS/DDoS attacks are a headache for network/system administrators, so today we're going to mitigate them in a simple but effective way. I assume you already have a fully functional pfSense up and running.
So just log in to pfSense and install the Suricata package (System > Package Manager > Available Packages):
After the package is installed it's time to configure Suricata:
Go to the following path:
- Services
- Suricata
- Interfaces
and add your desired interface (most people add LAN here).
Don't forget to check the Enable option.
Since we want to mitigate DoS/DDoS attacks we need to block offenders, so check the Block Offenders option too. With that enabled, a source IP that triggers an alert is added to the pf block table and you can see (and clear) it on the Blocks tab.
You may change other things on this page too (as I did ...).
The last thing we configure on this page is the Pass List option.
A pass list holds the IP addresses that must never be blocked even when they trigger a rule :) Put your own admin host and the firewall's gateways in it, otherwise one false positive on a rate-based rule can lock you out of the box.
Now it's time to configure rules. My recommendation is to check the "Install ETOpen Emerging Threats rules" option on the Global Settings tab, since ETOpen helps us mitigate some extra threats (for example it ships a category of known Tor node addresses).
Save, go back to the Interfaces page, edit the interface you added earlier and open its LAN Categories tab:
If you don't want to get into trouble, my recommendation is the Connectivity policy :D
Here you can enable some categories, e.g. the Tor addresses one and so on.
Now we're going to add our custom rules for DoS/DDoS mitigation. First disable all rules (in the Rules tab pick "Active Rules" in the category dropdown and disable them), so that only our own rules are active:
Now go to the Custom Rules category and add the following rules:
Now everything should be fine. Go and attack yourself with stress-testing tools (from a lab host you own) and check the Alerts and Blocks tabs to see whether it works or not.
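The rules the post refers to are not reproduced on this page, so here is an added example of my own (not the author's rules): two Suricata custom rules that use `threshold: type both, track by_src` to catch a single source sending too many SYN or ICMP echo packets, plus a small Python model of how that threshold stage and the pass list behave. The rule text, the `count`/`seconds` values, the hypothetical `sid` numbers in the local range and the sample traffic are all my assumptions, constructed for the example; the Python only approximates Suricata's threshold logic, it is not Suricata code.

```python
"""Added example (not from the original post): simulates how a Suricata
`threshold: type both, track by_src` rule reacts to a flood, and how a
pfSense-style pass list prevents the block (but not the alert) for trusted hosts.
Sample traffic below is constructed, not captured."""
import re
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Example custom rules in Suricata syntax (my own, not the post's).
# sid values >= 1000000 are the local-use range, so they never collide with ETOpen.
CUSTOM_RULES = """
alert tcp any any -> $HOME_NET any (msg:"LOCAL possible SYN flood from one source"; flags:S,12; flow:stateless; threshold: type both, track by_src, count 70, seconds 10; classtype:attempted-dos; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL possible ICMP echo flood from one source"; itype:8; threshold: type both, track by_src, count 100, seconds 5; classtype:attempted-dos; sid:1000002; rev:1;)
"""

RULE_RE = re.compile(
    r"^alert (?P<proto>\w+) .*threshold:\s*type both,\s*track by_src,"
    r"\s*count (?P<count>\d+),\s*seconds (?P<seconds>\d+);.*sid:(?P<sid>\d+);"
)


def parse_thresholds(rules_text):
    """Return {sid: (proto, count, seconds)} for every rule with a by_src threshold."""
    thresholds = {}
    for line in rules_text.strip().splitlines():
        m = RULE_RE.match(line)
        if m:
            thresholds[int(m["sid"])] = (m["proto"], int(m["count"]), int(m["seconds"]))
    return thresholds


class ThresholdTracker:
    """Approximates Suricata's `type both`: once a source produces `count`
    matching packets inside a `seconds` window, alert once, then stay quiet
    for that source until a full window has passed. Timestamps are in ms.
    The packet-level match (flags:S / itype:8) is assumed to have happened
    already; only the threshold stage and the block decision are modelled."""

    def __init__(self, thresholds, pass_list):
        self.thresholds = thresholds
        self.pass_list = [ip_network(n) for n in pass_list]
        self.windows = defaultdict(deque)   # (sid, src) -> recent timestamps
        self.last_alert = {}                # (sid, src) -> ts of last alert
        self.alerts = []                    # (ts, sid, src)
        self.blocked = set()                # what pfSense would put in the pf table

    def is_pass_listed(self, src):
        ip = ip_address(src)
        return any(ip in net for net in self.pass_list)

    def feed(self, ts, src, proto):
        for sid, (rule_proto, count, seconds) in self.thresholds.items():
            if proto != rule_proto:
                continue
            key = (sid, src)
            window_ms = seconds * 1000
            win = self.windows[key]
            win.append(ts)
            while ts - win[0] >= window_ms:     # forget packets outside the window
                win.popleft()
            if len(win) < count:
                continue
            last = self.last_alert.get(key)
            if last is not None and ts - last < window_ms:
                continue                         # already alerted in this interval
            self.last_alert[key] = ts
            self.alerts.append((ts, sid, src))
            # Block Offenders: pass-listed sources are alerted on but never blocked.
            if not self.is_pass_listed(src):
                self.blocked.add(src)


def constructed_traffic():
    """(ts_ms, src, proto) tuples: a flooding host, a normal host, and an admin
    host that floods while on the pass list. Addresses are documentation ranges."""
    events = [(i * 50, "203.0.113.7", "tcp") for i in range(200)]           # 200 SYN / 10 s
    events += [(1000 + i * 500, "198.51.100.20", "tcp") for i in range(10)]  # 10 SYN / 5 s
    events += [(20000 + i * 20, "192.168.1.10", "tcp") for i in range(150)]  # admin "flood"
    events += [(30000 + i * 10, "203.0.113.7", "icmp") for i in range(300)]  # 300 pings / 3 s
    return sorted(events)


def run_simulation(pass_list=("192.168.1.10/32",)):
    tracker = ThresholdTracker(parse_thresholds(CUSTOM_RULES), pass_list)
    for ts, src, proto in constructed_traffic():
        tracker.feed(ts, src, proto)
    return tracker


if __name__ == "__main__":
    t = run_simulation()
    for ts, sid, src in t.alerts:
        print(f"t={ts / 1000:6.2f}s sid={sid} src={src} blocked={src in t.blocked}")
```

To use the rules, paste the two `alert` lines into the Custom Rules tab of the interface and tune `count`/`seconds` to your own baseline; `type both` means one alert (and therefore one block) per source per interval once the count is reached, so a flooding host is blocked as soon as it crosses the line, while the pass-listed admin host only shows up on the Alerts tab. One caveat a practitioner should keep in mind: `track by_src` counts per source address, so it stops a single noisy host (DoS) but a spoofed or truly distributed flood spreads its packets over many sources that each stay under the threshold; for that you still need upstream filtering, the firewall alone won't save you.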
Thanks for reading.