Actions
Support #1992
closedTesting DDOS attack
Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:
Description
Actually we are adding a local rule for ddos attack,
Like this
drop tcp any any -> any any (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_dst, count 70, seconds 10; sid:10001;rev:1)
after that i am sending DDOS traffic through hping using "hping3 -S -p 80 --flood --rand-source 47.47.47.2" and within less than 10 seconds i am getting this rule in fastlog and traffic is getting dropped ,but after if i made pinging(nomal traffic) to the same interface and no rule is exist ,its not pinging.So can we tell how to test DDOS and DOS traffic and rule needed to be added.
Actions