Hello misc,
We are using OpenBSD 6.9 amd64 as a firewall.
In the last few days, the firewall has started to fail. As a result of my
investigations, I observed that the attack was made with hping from the local
network (by a trainee student...) and this TCP SYN attack inflated the Firewall
States.
Then I added the following lines to pf.conf:

    pass in quick proto tcp from any to any \
        port www keep state \
        (max 5000, source-track rule, max-src-nodes 75, \
        max-src-states 3, tcp.established 60, tcp.closing 5)

Yes, this time the firewall states did not rise, but strangely, the result was
the same. I'm connected to the device via the console port: I run commands like
ifconfig, but the command output is very slow. CPU usage is 1% on OpenBSD. Memory
usage is 10%, but the system behaves as if it is overloaded.
How can I avoid this situation? Thanks in advance.
P.S.
By the way, the attack size with hping is only 90 Mbit/s. The CPU is an Atom
C3558.