Hello,
we are using Sophos UTM 9.1 to protect our network from several intrusions.
But now we have new problems: The Sophos Anti-DoS system does not mitigate attacks like we want it.
Especially one funtionionality is missing: not every service sends the same number of packets per second.
For example TeamSpeak servers will send quite more packets than a webserver. Or Minecraft Servers will send more packets per second than a database server.
Wouldn't it be better to give the possibility to also set packet-limits per service?
Another point: We often seem to receive attacks from identical subnets. It is a lot of work to add all these addresses into my blacklist.
What is about a possibility to set automatical blacklisting?
For example if the client sends more packets per seconds than the limit, just set him for 30 seconds to the blacklist. If he tries again, then again 30 seconds.
If someone sends like 1000pps more than the limit, blacklist him for 1 minute.
If he tries 2500pps over limit, blacklist him for 5 minutes and so on.
I know that it isn't always one IP address who is attacking, but it would help to block more unwanted traffic.
If there are already solutions for what i suggested, I would thank you if you would tell me that.
Otherwise... Let's discuss about it!
Chris, dotmanagedeu
This thread was automatically locked due to age.
