# How to prevent TCP/UDP network flood triggered by KVM VPS clients ?



## vladimir (Sep 7, 2015)

Hello,

How to to protect nodes/ detect and block KVM VPS clients that TCP/UDP flood the network ?

Maybe something like to set a PPS value 15k packets per second, run the script under a cron which checks every VPS packets per second - if it matches that value or exceed it shuts off the VPS and emails me with the date/time - vpsid - packet count. Does anyone have similar script ?


----------



## kcaj (Sep 7, 2015)

15k/pps is pretty low, that'll restrict your clients to 180Mb/s throughput with your standard MTU at 1500. Assuming you're enabling clients with 1Gb/s uplinks, I'd suggest setting the bar at around ~70k/pps.


----------



## vladimir (Sep 7, 2015)

DC report:

""Server xxx.xxx.xxx.xxx was shut for packet flood

5 minute input rate 57556000 bits/sec, 80886 packets/sec
5 minute output rate 5858000 bits/sec, 809 packets/sec""

I need some script to automatically detect such activity and shut down the guilty KVM VPS ( I'm using SolusVM).


----------



## VPSSoldiers (Sep 8, 2015)

> DC report:
> 
> ""Server xxx.xxx.xxx.xxx was shut for packet flood
> 
> ...



Could always write one yourself.


----------

