Pf fails to drop 50% of the UDP flood from single source

Hi,
I have a setup with 3 machines as follows:
A--->B--->C

Machine A: attacker
Machine B: firewall (pf)
Machine C: victim

I am transmitting a UDP flood from A to C and expecting B to block 50% of the UDP flood so that 50% of the flood is not sent to C.
I have the following rule in pf.conf on machine B:
# UDP_Flood prevention: Drop 50% of all port 69
block in log (all) quick on $ext_if proto udp to any port { 69 } probability 50%
On machine A, I perform the attacks using hping3. When I run hping3 to generate packets with random sources using the following:
hping3 --flood --rand-source --udp 10.0.1.2 -p 69
it works as expected and 50% of the traffic is blocked on B. However, when I run hping3 to generate packets with the same source using the following command:
hping3 --flood --udp 10.0.1.2 -p 69
PF does NOT block the flood. All the traffic is passed to machine C, which is not expected. Any ideas why PF works when the flood is from random sources but does not work when it's from a single source?

Thanks in advance.
 
Perhaps the fact that it's the same source is causing PF to treat it as part of the same state. What happens when you toss a "no state" at the end of the rule?
 
The result didn't change when I added a "no state" at the end of the rule. Pf is still failing to block half of the UDP flood traffic.
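One way to check, on the firewall itself, whether the probability rule is being hit at all or whether the single-source flood is being matched by an existing state before the ruleset is consulted, is to read the per-rule counters from `pfctl -vsr`. This is an added example, not something from the thread: the `pfctl -vsr` output below is constructed, the interface name em0 and the trailing `pass in ... keep state` rule are assumptions, and the counter values are made up.

```sh
#!/bin/sh
# Constructed sample of `pfctl -vsr` output from the firewall (machine B):
# the thread's probability rule followed by an assumed "pass in ... keep state"
# rule. Interface em0 and all counter values are made up for this example.
SAMPLE_RULES='block drop in log (all) quick on em0 proto udp from any to any port = 69 probability 50%
  [ Evaluations: 20000     Packets: 9987      Bytes: 299610     States: 0     ]
pass in on em0 proto udp from any to any port = 69 keep state
  [ Evaluations: 10013     Packets: 10013     Bytes: 300390     States: 1     ]'

# Read `pfctl -vsr` output on stdin and print the share (whole percent) of
# counted packets that hit block rules. With the 50% rule working this should
# sit near 50; a value near 0 means the flood is not being dropped.
block_share() {
  awk '
    /^block/ { kind = "block"; next }
    /^pass/  { kind = "pass";  next }
    /Packets:/ {
      for (i = 1; i <= NF; i++) if ($i == "Packets:") n = $(i + 1)
      total += n
      if (kind == "block") blocked += n
    }
    END { if (total > 0) printf "%d\n", (100 * blocked) / total; else print 0 }
  '
}

# Print the Evaluations counter of the first block rule. Packets matched by an
# existing state entry never reach the ruleset, so if this number stays far
# below the packet count hping3 sends, the flood is being handled by the state
# table rather than by the probability rule.
block_evaluations() {
  awk '
    /^block/ { want = 1; next }
    /Evaluations:/ && want {
      for (i = 1; i <= NF; i++) if ($i == "Evaluations:") { print $(i + 1); exit }
    }
    { want = 0 }
  '
}

# On the firewall the live check would be: pfctl -vsr | block_share
printf '%s\n' "$SAMPLE_RULES" | block_share
printf '%s\n' "$SAMPLE_RULES" | block_evaluations
```

Clearing the counters with `pfctl -z` before starting hping3 makes the numbers easier to read against the packet count hping3 reports.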
 