Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 4005 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Limit IP conenction per second

ThienKieu

How i can limit ip connection per second , my server game has attacked DDROS and UDP from ipstresser.com . Thanks you



This thread was automatically locked due to age.
  • 0

    Hi, and welcome to the UTM Community!

    Please show a line or two from the Intrusion Prevention log when this problem occurs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Here , this is just UDP Unicorn  i tested on this . But when i use ipstresser.com , it's nothing show in here :( , i think IPSTRESSER.COM use other DDOS Script

    2016:08:24-04:01:35 localhost ulogd[7219]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="00:15:5d:f9:0
    6:83" dstmac="00:15:5d:3e:a1:2e" srcip="103.207.36.76" dstip="224.0.0.252" proto="17" length="61" tos="0x00" prec="0x00" ttl="1" srcport="55474" dstport="5355"
    2016:08:24-04:17:35 localhost ulogd[7219]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="00:15:5d:f9:06:83" dstmac="00:15:5d:3e:a1:2e" srcip="103.207.36.76" dstip="224.0.0.252" proto="17" length="59" tos="0x00" prec="0x00" ttl="1" srcport="56081" dstport="5355"
  • 0 in reply to ThienKieu

    "UDP flood detected" means that you need to add an Exception in 'Intrusion Prevention'.  I'm confused that there would be an external, public IP (103.207.36.76) sending a multicast packet to your UTM so I can't suggest how to formulate the rule.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?