DDoS Detection

[sozie]

Hello everyone,

My question may seem a little silly to you, but I think it's important. During the marketing of containers (so VPS eh), it regularly happens that people make outbound DDoS attacks.

My question being, is it possible to set up a script, or any other solution on Proxmox, that would allow this detection, and would suspend the service concerned.

Thank you in advance.

 

[oguz]

hi,

if the attacks are outbound from your hosts, then your best bet to monitor such activity would be checking the logs in your firewall. depending on your firewall it might have IDS-like capabilities. otherwise you could try setting up any network monitoring solution to look for high amounts of outbound traffic.

 

[sozie]

Hello,

Thank you for your response. The problem being that attacks coming from our hosts can be very important because of the network, and can impact during a strong attack (everything depends on the offer of the person, and therefore the bandwidth allocated to him) our network globally.

That's why I wanted to see with you, if you know of a monitoring system that has already been created, and that I could set up? Thank you in advance.

 

[Thalix]

Use netfliter or iptables rate limiting for outgoing connections. Use google to see the syntax. Keywords are "netfilter rate limiting conntrack"

 

[William Edwards]

FastNetMon?

 

[sozie]

Thank you for your response. It does sound interesting. The question being, is it well managed with Proxmox? What I mean is, is it going to analyze only local traffic, or all VM/CT?

 

[William Edwards]

Thank you for your response. It does sound interesting. The question being, is it well managed with Proxmox? What I mean is, is it going to analyze only local traffic, or all VM/CT?

Proxmox doesn't really have anything to do with DDoS detection. FastNetMon would run on your gateways.

 

[sozie]

I'm sorry I'm not really a Proxmox pro yet, but I guess you're talking about my network gateways?

 

[sozie]

@William Edwards