I don't have an answer to your question, but I would recommend that you
contact your ISP and talk to them about the problem. I have not read his
blog in some time, but Steve Gibson (of Gibson Research - Shields Up and
Spinrite software) described a problem he was having with DDoS attacks
and his ISP was able to protect him from them.
Is your interface set to drop packets silently, or does it respond with
ICMP destination unreachable/port unreachable messages?
And, from the forums:
https://forum.pfsense.org/index.php?topic=87369.5;wap2
One more thought:
http://www.wedebugyou.com/2012/11/how-to-prevent-and-mitigate-ddos-part1/
On 12/7/2015 8:40 AM, Joshua Young wrote:
We have recently been the target of DDoS attacks. The same interface is
targeted each time. Is there any way we can shut down this interface
automatically when this happens? Is there a way to maybe set a threshold
for traffic and, when it reaches that threshold, automatically shut the
interface down? When this happens, the pfSense is overwhelmed and our
entire WAN loses Internet connectivity. I figure if we can shut the one
interface that is being targeted down before the traffic gets to the point
of saturating our bandwidth, then just that one network would be down
rather than our entire WAN.
--
Robert Obrinsky President Robert Obrinsky Industries, LLC 1908 SE 45th
Avenue Portland, OR 97215 Office 503.719.4387 Mobile 503.752.8489
http://www.roillc.com
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
