Hello misc,

We are using OpenBSD 6.9 amd64 as firewall.
In the last few days, the firewall has started to fail. As a result of my 
investigations, I observed that the attack was made with hping from the local 
network (by a trainee student...) and this tcp syn attack inflated the Firewall 
States.
Then I added the following lines to pf.conf:
pass in quick proto tcp from any to any \
       port www keep state \
       (max 5000, source-track rule, max-src-nodes 75, \
       max-src-states 3, tcp.established 60, tcp.closing 5)

Yes, this time the firewall states did not rise, but strangely, the result was 
the same. I'm connected to the device via the console port: I run commands like 
ifconfig, but the command output is very slow. CPU usage %1 on OpenBSD. Memory 
usage is 10% but the system behaves as if it is under overload.

How can I avoid this situation? Thanks in advance.

P.S.
By the way, the attack size with hping is only 90mbit/s. CPU processor is Atom 
C3558.

Reply via email to