EFW Support

Support => General Support => Topic started by: scp on Tuesday 29 May 2012, 04:15:03 pm



Title: DOS Attack on Endian 2.5.1 from GREEN
Post by: scp on Tuesday 29 May 2012, 04:15:03 pm
During evaluation of Endian 2.5.1 I've tried to start a DOS attack on the firewall from a computer situated on the GREEN network side using LOIC [Low Orbit Ion Cannon].

Endian is not blocking the traffic from the computer. I get a nearly full processor load on all eight cores. Isn't there a DOS protection, which blocks such traffic. Whe I compare this to Sophos UTM software: Sophos UTM automatically blocks traffic from a computer, when a DOS attack is launched.


Title: Re: DOS Attack on Endian 2.5.1 from GREEN
Post by: mrkroket on Wednesday 30 May 2012, 04:28:46 am
Did you enabled IPS/snort?
Did you changed the dos rules to block instead of warning? (red shield icon)
Did you check the Intrusion Prevention logs?

If you did all these, unfortunately snort default rules doesn't block LOIC attacks, you must create your custom SNORT rules:
http://.spiderlabs.com/2011/01/loic-ddos-analysis-and-detection.html (http://.spiderlabs.com/2011/01/loic-ddos-analysis-and-detection.html)