Filtering UDP packet with certain length

Hello,

Is there a way to filter UDP packets with certain length with FreeBSD (PF or IPFW)? I'm suffering from a UDP flood with packets with 0 or 1 length.
 
That server is the gateway to other services which are DDoS-flooded. I'm trying to protect them.
 
Are you aware that by blocking all incoming connections except the ones specifically allowed you'll already be doing the most you can do about DDOS attacks yourself?

If that does not help you'll have to contact your connection provider for assistance.
 
That is not a solution which fits my case. That is why I ask for help with the firewall, but it looks like FreeBSD is not helpful in that case.
 
Look, if the packets are reaching your firewall there is nothing else to do but drop them if you don't want to let them through. Stop thinking that there is some magical "DDOS protection" that can be implemented with a firewall; such a thing does not exist.
 
Well, I'm trying to drop a particular type of packet, UDP with length 0, which is DDoSing one of my internal servers. My upstream is fat enough to handle the DDoS, like 10G.

So I think you get my point, right?
 
You might want to try something like the following:

# ipfw add 1 deny udp from any to any iplen 28,29 via EXTIF in

Notes:

This assumes that ipfw(8) is up and running.

Replace EXTIF by the actual external interface name.

The iplen parameters include the IP header length. If there are no optional fields, then the IHL is 20 bytes, and so this rule would block UDP packets coming in via the external interface having 20 bytes IHL and zero or 1 byte of data. If there are optional fields in the DDoS packets, then you have to tweak the numbers a little bit.
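To make the arithmetic behind the iplen values concrete, here is an added example (my own code, not from the thread) that computes the IPv4 total length an ipfw iplen match needs for a UDP datagram of a given data size, generates the rule string, and checks constructed sample packets against it. It counts the IP header (IHL, 20 bytes without options) plus the fixed 8-byte UDP header plus the data, and shows how the values shift when IP options are present; the interface name em0 is an assumed placeholder.

```python
import struct

UDP_HEADER_LEN = 8   # the UDP header is always 8 bytes
IPPROTO_UDP = 17

def udp_total_lengths(max_payload=1, ihl_bytes=20):
    """IPv4 total-length values that carry 0..max_payload bytes of UDP data.
    ihl_bytes is the IP header length: 20 without options, more with them."""
    return [ihl_bytes + UDP_HEADER_LEN + n for n in range(max_payload + 1)]

def ipfw_rule(extif, max_payload=1, ihl_bytes=20):
    """Build the ipfw deny rule for the lengths above (extif is assumed)."""
    lens = ",".join(str(n) for n in udp_total_lengths(max_payload, ihl_bytes))
    return f"ipfw add 1 deny udp from any to any iplen {lens} via {extif} in"

def parse_ipv4_udp(pkt):
    """Return (ihl_bytes, total_len, udp_data_len) for an IPv4/UDP packet,
    or None if the packet is IPv4 but not UDP."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, proto = pkt[0], pkt[9]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if proto != IPPROTO_UDP:
        return None
    udp_len = struct.unpack("!H", pkt[ihl + 4:ihl + 6])[0]   # UDP length field
    return ihl, total_len, udp_len - UDP_HEADER_LEN

def matches_rule(pkt, max_payload=1, ihl_bytes=20):
    """True if the packet would be caught by the iplen match computed above."""
    parsed = parse_ipv4_udp(pkt)
    if parsed is None:
        return False
    return parsed[1] in udp_total_lengths(max_payload, ihl_bytes)

def build_ipv4_udp(payload, options=b""):
    """Constructed sample packet: minimal IPv4 header (plus optional options,
    length a multiple of 4) followed by a UDP header and the given data."""
    ihl = 20 + len(options)
    total = ihl + UDP_HEADER_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | (ihl // 4), 0, total, 0, 0,
                     64, IPPROTO_UDP, 0, bytes(4), bytes(4)) + options
    udp = struct.pack("!HHHH", 1234, 53, UDP_HEADER_LEN + len(payload), 0)
    return ip + udp + payload
```

Running matches_rule on build_ipv4_udp(b"", options=bytes(4)) shows the options caveat: the default 28,29 match misses it, while ihl_bytes=24 catches it.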
 