wyn Forum Newbie

Joined: 28 Jan 2010 Posts: 12
|
Posted: Mon Feb 8, 2010 3:26 am Post subject: reserving bandwidth for certain IP's in case of DoS |
|
|
Hello All,
Is it possible with QoS to reserve an amount of bandwidth for certain IPs? (I use Vyatta in bridging mode)
I have a 100mbit connection, and in case of a denial of service attack I want to reserve 10Mbit to allow access from my IP, so that the maximum amount of bandwidth used for the denial of service attack is 90Mbit, is this possible?
Best regards,
Wyn |
|
kenfelix Super User

Joined: 11 Mar 2008 Posts: 449
|
Posted: Mon Feb 8, 2010 1:49 pm Post subject: |
|
|
Are you talking in or outbound?
For example,
If a DoS is conducted from any outside_sources to an inside host, you will need the bandwidth allocation done at the uplink connection. Placing QoS and traffic policers at the interface the attacker is hitting or to a host on your inside network is not going to help you at all.
Now, if you wanted to provide QoS in case a host is compromised and is part of a bigger bot attack, you could deploy traffic allocation in this scenario with ease. |
|
wyn Forum Newbie

Joined: 28 Jan 2010 Posts: 12
|
Posted: Tue Feb 9, 2010 12:11 am Post subject: |
|
|
Hey kenfelix, thanks for your reply.
In most cases attacks from the outside are filtered by our network provider. Our most common scenario of a DoS is when a person abuses one of our webservers to execute something malicious like a PHP or Perl UDP flood (which doesn't require any special privileges).
Do you happen to have a simple example of how my configuration should look in this case? |
|
kenfelix Super User

Joined: 11 Mar 2008 Posts: 449
|
Posted: Tue Feb 9, 2010 6:40 am Post subject: |
|
|
Your best solution for this would be a Snort rule to limit on the number of sessions and/or some PCRE expression or content inspection. You can probably find a canned rule available and use that or rewrite it to meet your needs.
I haven't played with the IDS features on Vyatta, but that's what I think would work in the scenarios that you described. Get a few books or do Google searches on advanced Snort rules and then look at the IDS features within Vyatta. |
|
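The rate-based idea from the last reply, applied to the outbound UDP flood scenario described in the thread, as an added example that is not part of the thread and is not Snort or Vyatta code: a sliding-window counter that flags internal hosts whose outbound UDP packet rate crosses a threshold. The address ranges, threshold, function name and packet records are all constructed assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the thread): the internal web
# server range, the threshold and the packet records are all constructed.
HOME_NET = ip_network("192.0.2.0/24")
MAX_PACKETS = 5        # outbound UDP packets allowed per source ...
WINDOW_SECONDS = 1.0   # ... within this sliding window


def find_udp_flooders(packets, max_packets=MAX_PACKETS, window=WINDOW_SECONDS):
    """Return {src: time_first_over_threshold} for internal hosts whose
    outbound UDP rate exceeds max_packets within any `window` seconds.

    `packets` is a time-ordered iterable of (timestamp, proto, src, dst).
    """
    recent = defaultdict(deque)  # src -> timestamps still inside the window
    flagged = {}
    for ts, proto, src, dst in packets:
        if proto != "udp":
            continue
        # Outbound only: internal source, external destination.
        if ip_address(src) not in HOME_NET or ip_address(dst) in HOME_NET:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= window:  # expire timestamps outside the window
            q.popleft()
        if len(q) > max_packets and src not in flagged:
            flagged[src] = ts
    return flagged


# Constructed sample: 192.0.2.10 sends a UDP burst to one external address,
# 192.0.2.20 makes a few DNS-like lookups, 192.0.2.30 only sends TCP.
SAMPLE = sorted(
    [(0.01 * i, "udp", "192.0.2.10", "198.51.100.7") for i in range(40)]
    + [(0.3 * i, "udp", "192.0.2.20", "203.0.113.53") for i in range(4)]
    + [(0.05 * i, "tcp", "192.0.2.30", "198.51.100.99") for i in range(30)]
)

if __name__ == "__main__":
    for host, when in find_udp_flooders(SAMPLE).items():
        print(f"{host} exceeded {MAX_PACKETS} UDP packets per "
              f"{WINDOW_SECONDS}s at t={when:.2f}s")
```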