ddos-protect doesn't show flood


Ryszard Wyka

Dec 23, 2024, 5:34:17 PM
to sFlow-RT
Hi.
I just set up sflow-rt/ddos-protect in my testing environment. When I run ping -f ip.of.my.router, the flows browser shows something is happening, so I think everything should work.

[Screenshot: Zrzut ekranu z 2024-12-23 15-01-58.png]

But when I run ddos-protect, the graphs for ICMP flood show nothing:
[Screenshot: Zrzut ekranu z 2024-12-23 15-02-12.png]
Should it look like that?

Peter Phaal

Dec 23, 2024, 5:42:45 PM
to sFlow-RT
You need to configure the Address Groups under the Settings tab to define the set of protected target addresses. Attack profiles detect flows from external addresses to protected local addresses.

There are a number of examples listed in this article:


You might want to try hping3 for simulating attack traffic:

Ryszard Wyka

Dec 24, 2024, 3:36:17 AM
to sFlow-RT
Thanks for helping, that was it. I didn't know how important this is. First I added 85.255.0.0/16, so the source of the attack and the destination were in the same subnet, and nothing happened. Then I deleted this setting.
After your suggestion I added an IP with mask /26, then the source and destination were in different subnets and everything started working great.

Thanks for helping and Happy Christmas to everyone.
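
The rule stated in the thread (external source, protected destination) is why a wide address group hid the test flood and a narrow one did not. The following is an added example, not part of the thread and not ddos-protect's own code: a pre-flight check that models only that rule, with the group name `lab` and all addresses being constructed assumptions.

```python
"""Pre-flight check for a DDoS-detection lab test (added example).

Models only the rule stated in the thread: a flow is a candidate for an
attack profile when its source is external and its destination is in a
protected address group. Not ddos-protect's own code.
"""
import ipaddress


def parse_groups(groups):
    """Turn {name: [cidr, ...]} into {name: [ip_network, ...]}."""
    return {name: [ipaddress.ip_network(c, strict=False) for c in cidrs]
            for name, cidrs in groups.items()}


def group_of(addr, groups):
    """Return the name of the most specific group containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for name, nets in groups.items():
        for net in nets:
            if ip.version == net.version and ip in net:
                if best is None or net.prefixlen > best[1]:
                    best = (name, net.prefixlen)
    return best[0] if best else None


def classify(src, dst, groups):
    """Classify a planned test flow against the protected groups."""
    s, d = group_of(src, groups), group_of(dst, groups)
    if d is None:
        return "unprotected-target"      # destination not in any group
    if s is not None:
        return "internal-source"         # source also protected: not external
    return "external-to-protected"       # the case attack profiles look for


# Constructed lab addresses (assumptions, not taken from the thread).
TOO_WIDE = parse_groups({"lab": ["198.18.0.0/16"]})
NARROW = parse_groups({"lab": ["198.18.1.0/26"]})
TEST_FLOWS = [("198.18.9.5", "198.18.1.10"),   # tester and router in same /16
              ("203.0.113.7", "198.18.1.10")]  # tester outside the lab range

if __name__ == "__main__":
    for label, groups in (("/16 group", TOO_WIDE), ("/26 group", NARROW)):
        for src, dst in TEST_FLOWS:
            print(f"{label}: {src} -> {dst}: {classify(src, dst, groups)}")
```

Running it before a test shows whether the planned source address will count as external under the configured groups.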