amuck-landowner

How to prevent TCP/UDP network flood triggered by KVM VPS clients ?

vladimir

New Member
Hello,

How to to protect nodes/ detect and block KVM VPS clients that TCP/UDP flood the network ?

Maybe something like to set a PPS value 15k packets per second, run the script under a cron which checks every VPS packets per second - if it matches that value or exceed it shuts off the VPS and emails me with the date/time - vpsid - packet count. Does anyone have similar script ?
 

kcaj

New Member
15k/pps is pretty low, that'll restrict your clients to 180Mb/s throughput with your standard MTU at 1500. Assuming you're enabling clients with 1Gb/s uplinks, I'd suggest setting the bar at around ~70k/pps.
 

vladimir

New Member
DC report:

""Server xxx.xxx.xxx.xxx was shut for packet flood

5 minute input rate 57556000 bits/sec, 80886 packets/sec
5 minute output rate 5858000 bits/sec, 809 packets/sec""

I need some script to automatically detect such activity and shut down the guilty KVM VPS ( I'm using SolusVM).
 
Last edited by a moderator:

VPSSoldiers

New Member
DC report:

""Server xxx.xxx.xxx.xxx was shut for packet flood

5 minute input rate 57556000 bits/sec, 80886 packets/sec
5 minute output rate 5858000 bits/sec, 809 packets/sec""

I need some script to automatically detect such activity and shut down the guilty KVM VPS ( I'm using SolusVM).

Could always write one yourself.
 
Top
amuck-landowner