Protection against UDP flood attack [VAS Experts Documentation]

Differences

This shows you the differences between two versions of the page.

en:dpi:dpi_options:opt_ddos:ddos_dos:ddos_dos_udpflood [2020/02/05 17:35] – ↷ Page moved from en:dpi:dpi_options:base_functionality:opt_ddos:ddos_dos:ddos_dos_udpflood to en:dpi:dpi_options:opt_ddos:ddos_dos:ddos_dos_udpflood lexx26
en:dpi:dpi_options:opt_ddos:ddos_dos:ddos_dos_udpflood [2024/09/26 15:29] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Protection against UDP flood attack ====== ====== Protection against UDP flood attack ======
 +{{indexmenu_n>3}}
 +This attack is handled by fragmented UDP packets. The target system has to spend a lot of resources to assemble and analyse them.
 +
 +The protection is carried out by disabling of unnecessary protocols on the site under protection. You can learn how to configure the protocol's filter here: [[en:dpi:dpi_options:opt_priority:priority_config|configuring priorities]].
 +
 +For a typical WEB site under protection, the required protocols are HTTP and HTTPS. Therefore the proper configuration looks like this:
 +<code>
 +http        cs0
 +https       cs0
 +default     drop
 +</code>
 +
 +To convert the ready configuration file into the internal format and to send it to DPI:
 +<code>
 +cat my_dscp.txt|lst2dscp protocols.dscp
 +mv protocols.dscp  /etc/dpi/protocols.dscp
 +service fastdpi reload
 +</code>
 +
 +The protection against DDos attack of DNS/NTP amplification type can be arranged similarly. This attack overloads the incoming channel by the traffic that exceeds the channel's capabilities. The operation of this protection is limited by operator's ability to provide additional channel capacity. If the inbound traffic exceeds this capacity, one has to rent additional channels or redirect the traffic to dedicated services that provide a protection against such attacks. They rent very wide channels to exceed the capabilities of DDoS attacks.
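
Review bot: In the conversion block, `mv protocols.dscp  /etc/dpi/protocols.dscp` and `service fastdpi reload` run whether or not `lst2dscp` produced a good file, and the active /etc/dpi/protocols.dscp is overwritten with no backup, so a mistake in my_dscp.txt can be loaded straight onto a device that is filtering with `default drop`. Suggest chaining the three steps with `&&`, copying the existing /etc/dpi/protocols.dscp aside before the `mv`, and feeding the input by redirection (`lst2dscp protocols.dscp < my_dscp.txt`) rather than through `cat`. The `default     drop` example also deserves one sentence stating that every protocol not listed is dropped, so any other service the protected site depends on has to be added before the reload. Two wording points: "This attack is handled by fragmented UDP packets" reads as if fragmentation were the defence, where "carried out with" seems to be meant, and "DDos" in the last paragraph should match the "DDoS" spelling used at its end.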