DDoS detection #53
Comments
|
It would be great! I hope it works. |
|
Hello Vincent. First of all, thanks for making this fantastic project available. As for the detection of DDos, would it be based on the amount of incoming flows or based on the volume of data or even based on the correction between both? This would be a huge facilitator of my service... if it were possible to configure triggers that, when fired, would execute a command in an exabgp, gobgp or any other. Looking forward to trying something like this. If I can help with anything, please let me know. |
|
Likely rule-based. And then, when flows are detected, yes, it would build flowspec/blackhole routes to be propagated with BGP. |
|
Hey @vincentbernat, any chance you can share the script Free use along side akvorado? |
|
No, sorry, I can't. |
|
Some tips to get started with DDoS and Akvorado are published here: https://vincent.bernat.ch/en/blog/2023-akvorado-ddos-flowspec |
|
@vincentbernat your article about DDoS detection is really inspiring. Do you any further ideas on ways to detect flooding attacks e.g. TCP SYN or even more sophisticated attacks like HTTPs floods, etc.. |
At Free, we are using the ClickHouse database to perform DDoS detection for attacks against our subscribers. This is currently a simple Python script. It would be nice to integrate that as a component in Akvorado.
The text was updated successfully, but these errors were encountered: