ddos-protect don't show flood
51 views
Skip to first unread message
Ryszard Wyka
Dec 23, 2024, 5:34:17 PM12/23/24
to sFlow-RT
Hi.
I just setup sflow-rt/ddos-protect on my testing
environment. When i run ping -f ip.of.my.router flows browser shows
something is happening so I think everything should work.
But when I run ddos-protect graphs for icmp flod shows nothing:
Should this looks like that ?
Peter Phaal
Dec 23, 2024, 5:42:45 PM12/23/24
to sFlow-RT
You need to configure the Address Groups under the Settings tab to define the set of protected target addresses. Attacks profiles detect flows from external addresses to protected local addresses.
There are a number of examples listed in this article:
You might want to try hping3 for simulating attack traffic:
Ryszard Wyka
Dec 24, 2024, 3:36:17 AM12/24/24
to sFlow-RT
Thanks for helping it was it. I didn't know how important this is. First I add 85.255.0.0/16 so source of attack and the destination was in this same subnet and nothing happened. Then I delete this setting.
After your suggestion I added ip with mask /26 then source and destination were in different subnet and everything starts working great.
Thanks for helping and Happy Christmas for everyone.
After your suggestion I added ip with mask /26 then source and destination were in different subnet and everything starts working great.
Thanks for helping and Happy Christmas for everyone.
Reply all
Reply to author
Forward
0 new messages