DDoS Blackhole has been released on GitHub, https://github.com/sflow-rt/ddos-blackhole. The application detects Distributed Denial of Service (DDoS) flood attacks in real-time and can automatically install a null / blackhole route to drop the attack traffic and maintain Internet connectivity. See DDoS for additional background.

The screen capture above shows a simulated DNS amplification attack. The Top Targets chart is a real-time view of external traffic to on-site IP addresses. The red line indicates the threshold that has been set at 10,000 packets per second and it is clear that traffic to address 192.168.151.4 exceeds the threshold. The Top Protocols chart below shows that the increase in traffic is predominantly DNS. The Controls chart shows that a control was added the instant the traffic crossed the threshold.

The Controls tab shows a table of the currently active controls. In this case, the controller is running in Manual mode and is listed with a pending status as it awaits manual confirmation (which is why the attack traffic persists in the Charts page). Clicking on the entry brings up a form that can be used to apply the control.
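
The threshold-and-confirm workflow described above can be modelled in a few lines. This is an added example, not code from ddos-blackhole or sFlow-RT: the `automatic` mode name, the `active` status, and the `installRoute` callback are assumptions, while the 10,000 packets per second threshold, the `pending` status and the target address come from the page.

```javascript
// Added illustration: not code from ddos-blackhole or sFlow-RT.
const THRESHOLD_PPS = 10000;            // threshold shown on the page
const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;

// mode: 'manual' (from the page) or 'automatic' (assumed name).
// installRoute: hypothetical callback that would push the null route.
function createController(mode, installRoute) {
  const controls = new Map();           // target address -> control record

  function apply(target) {
    const control = controls.get(target);
    if (!control || control.status !== 'pending') return false;
    installRoute(target + '/32');       // host route for the victim address
    control.status = 'active';          // 'active' is an assumed status name
    return true;
  }

  // Process one measurement interval of {target: packetsPerSecond}.
  function update(ratesByTarget) {
    for (const [target, pps] of Object.entries(ratesByTarget)) {
      if (!IPV4.test(target)) continue;     // never build a route from junk
      if (pps <= THRESHOLD_PPS) continue;   // at or below threshold: no action
      if (controls.has(target)) continue;   // one control per target
      controls.set(target, { target, pps, status: 'pending' });
      if (mode === 'automatic') apply(target);
    }
  }

  return { controls, update, apply };
}

// Constructed samples: three intervals of external traffic to on-site addresses.
function demo(mode) {
  const routes = [];
  const c = createController(mode, (prefix) => routes.push(prefix));
  c.update({ '192.168.151.4': 800, '192.168.151.7': 1200 });
  c.update({ '192.168.151.4': 25000, '192.168.151.7': 1100 });
  c.update({ '192.168.151.4': 26000 });     // attack persists, no duplicate
  return { controller: c, routes };
}
```

In manual mode the control stays `pending` and no route is installed until `apply` is called, which matches the page's observation that attack traffic persists until the operator confirms.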
The chart above from the DDoS article shows an actual attack