artplanet Posted October 18, 2014 (edited) · Report post Собственно есть несколько железок Radware DefencePro двух моделей, DP 3020 и DP12412 Ни на одной из моделей я не смог заставить блокировать UDP флуд, а именно, стоит игровой сервер. аля контр страйк, работает по UDP, и тут на игровой порт UDP начинают литься левые пакеты. В итоге эти хваленые железки ничего не могут с этим сделать, причем не важно какой силы флуд, 2 гигабита был в пике, а сегодня атаки были по 5 менабит, всего 5 мегаюбит! Есть ли человек, который может помочь настроить эту железку для защиты от UDP флуда так, чтобы во время атаки игровой сервер был доступен и нормально работал. Oct 18 20:05:12 10.10.14.131 DefensePro: 18-10-2014 20:05:12 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 109.226.75.183 57718 91.214.70.155 28015 5 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:12 10.10.14.131 DefensePro: 18-10-2014 20:05:12 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 109.254.70.42 51774 91.214.70.155 28015 7 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:12 10.10.14.131 DefensePro: 18-10-2014 20:05:12 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 78.37.226.38 53633 91.214.70.155 28015 1 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:12 10.10.14.131 DefensePro: 18-10-2014 20:05:12 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 46.0.27.174 56824 91.214.70.155 28015 1 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:12 10.10.14.131 DefensePro: 18-10-2014 20:05:12 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 5.165.54.234 62715 91.214.70.155 28015 7 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:12 10.10.14.131 DefensePro: 18-10-2014 20:05:12 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 0.0.0.0 0 91.214.70.155 28015 0 Regular "artplanet" ongoing 13629 9604 701 0 N/A high forward Oct 18 20:05:17 10.10.14.131 DefensePro: 18-10-2014 20:05:17 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 76.222.188.108 47692 91.214.70.155 28015 5 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:17 10.10.14.131 DefensePro: 18-10-2014 20:05:17 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 152.183.213.184 52120 91.214.70.155 28015 3 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:17 10.10.14.131 DefensePro: 18-10-2014 20:05:17 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 176.116.253.239 64295 91.214.70.155 28015 1 Regular "artplanet" sampled 1 2 701 0 N/A high forward Oct 18 20:05:17 10.10.14.131 DefensePro: 18-10-2014 20:05:17 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 112.113.142.150 15728 91.214.70.155 28015 3 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:17 10.10.14.131 DefensePro: 18-10-2014 20:05:17 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 200.20.170.131 7368 91.214.70.155 28015 5 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:17 10.10.14.131 DefensePro: 18-10-2014 20:05:17 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 176.116.253.239 64295 91.214.70.155 28015 1 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:17 10.10.14.131 DefensePro: 18-10-2014 20:05:17 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 0.0.0.0 0 91.214.70.155 28015 0 Regular "artplanet" ongoing 47869 30529 701 0 N/A high forward Oct 18 20:05:22 10.10.14.131 DefensePro: 18-10-2014 20:05:22 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 62.16.15.216 2110 91.214.70.155 28015 7 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:22 10.10.14.131 DefensePro: 18-10-2014 20:05:22 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 83.110.247.167 63059 91.214.70.155 28015 5 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:22 10.10.14.131 DefensePro: 18-10-2014 20:05:22 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 162.102.2.221 31394 91.214.70.155 28015 5 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:22 10.10.14.131 DefensePro: 18-10-2014 20:05:22 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 5.229.128.132 21765 91.214.70.155 28015 5 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:22 10.10.14.131 DefensePro: 18-10-2014 20:05:22 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 128.115.31.69 22400 91.214.70.155 28015 3 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:22 10.10.14.131 DefensePro: 18-10-2014 20:05:22 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 79.99.52.205 63095 91.214.70.155 28015 5 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:22 10.10.14.131 DefensePro: 18-10-2014 20:05:22 WARNING 240 Anomalies "TCP handshake violation, first packet not syn" TCP 213.13.65.187 80 91.214.68.236 45019 5 Regular "artplanet" occur 1 0 701 0 N/A low drop Oct 18 20:05:22 10.10.14.131 DefensePro: 18-10-2014 20:05:22 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 0.0.0.0 0 91.214.70.155 28015 0 Regular "artplanet" ongoing 20520 14549 701 0 N/A high forward Oct 18 20:05:27 10.10.14.131 DefensePro: 18-10-2014 20:05:27 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 159.75.71.76 17311 91.214.70.155 28015 3 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:27 10.10.14.131 DefensePro: 18-10-2014 20:05:27 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 86.115.76.213 54266 91.214.70.155 28015 5 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:27 10.10.14.131 DefensePro: 18-10-2014 20:05:27 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 208.178.153.126 9936 91.214.70.155 28015 5 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:27 10.10.14.131 DefensePro: 18-10-2014 20:05:27 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 162.131.201.193 63394 91.214.70.155 28015 7 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:27 10.10.14.131 DefensePro: 18-10-2014 20:05:27 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 149.15.167.58 26517 91.214.70.155 28015 7 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:27 10.10.14.131 DefensePro: 18-10-2014 20:05:27 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 93.156.255.175 50720 91.214.70.155 28015 3 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:27 10.10.14.131 DefensePro: 18-10-2014 20:05:27 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 0.0.0.0 0 91.214.70.155 28015 0 Regular "artplanet" ongoing 41938 30610 701 0 N/A high forward Oct 18 20:05:32 10.10.14.131 DefensePro: 18-10-2014 20:05:32 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 163.132.53.232 7331 91.214.70.155 28015 1 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:32 10.10.14.131 DefensePro: 18-10-2014 20:05:32 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 79.165.224.207 61794 91.214.70.155 28015 5 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:32 10.10.14.131 DefensePro: 18-10-2014 20:05:32 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 77.1.51.156 64699 91.214.70.155 28015 7 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:32 10.10.14.131 DefensePro: 18-10-2014 20:05:32 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 2.111.159.103 58286 91.214.70.155 28015 5 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:32 10.10.14.131 DefensePro: 18-10-2014 20:05:32 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 137.240.161.101 60553 91.214.70.155 28015 1 Regular "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:32 10.10.14.131 DefensePro: 18-10-2014 20:05:32 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 217.66.157.19 39855 91.214.70.155 28015 5 Regular "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:32 10.10.14.131 DefensePro: 18-10-2014 20:05:32 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 0.0.0.0 0 91.214.70.155 28015 0 Regular "artplanet" ongoing 25420 21354 701 0 N/A high forward Oct 18 20:05:37 10.10.14.131 DefensePro: 18-10-2014 20:05:37 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 46.164.234.146 49766 91.214.70.155 28015 1 Regular "artplanet" sampled 1 1 701 0 N/A high drop Oct 18 20:05:37 10.10.14.131 DefensePro: 18-10-2014 20:05:37 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 46.0.27.174 56824 91.214.70.155 28015 1 Regular "artplanet" sampled 1 0 701 0 N/A high drop Oct 18 20:05:37 10.10.14.131 DefensePro: 18-10-2014 20:05:37 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 91.122.30.62 62917 91.214.70.155 28015 5 Regular "artplanet" sampled 1 1 701 0 N/A high drop Oct 18 20:05:37 10.10.14.131 DefensePro: 18-10-2014 20:05:37 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 78.37.226.38 53633 91.214.70.155 28015 1 Regular "artplanet" sampled 1 1 701 0 N/A high drop Oct 18 20:05:37 10.10.14.131 DefensePro: 18-10-2014 20:05:37 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 212.54.172.170 48852 91.214.70.155 28015 3 Regular "artplanet" sampled 1 0 701 0 N/A high drop Oct 18 20:05:37 10.10.14.131 DefensePro: 18-10-2014 20:05:37 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 157.29.168.54 14749 91.214.70.155 28015 3 Regular "artplanet" sampled 1 0 701 0 N/A high drop Oct 18 20:05:37 10.10.14.131 DefensePro: 18-10-2014 20:05:37 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 0.0.0.0 0 91.214.70.155 28015 0 Regular "artplanet" ongoing 22807 18261 701 0 N/A high forward Oct 18 20:05:42 10.10.14.131 DefensePro: 18-10-2014 20:05:42 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 95.89.5.241 48479 91.214.70.155 28015 5 N/A "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:42 10.10.14.131 DefensePro: 18-10-2014 20:05:42 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 93.105.42.37 9139 91.214.70.155 28015 3 N/A "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:42 10.10.14.131 DefensePro: 18-10-2014 20:05:42 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 70.204.253.55 21574 91.214.70.155 28015 7 N/A "artplanet" sampled 1 0 701 0 N/A high forward Oct 18 20:05:42 10.10.14.131 DefensePro: 18-10-2014 20:05:42 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 46.159.69.99 16285 91.214.70.155 28015 3 N/A "artplanet" sampled 1 1 701 0 N/A high forward Oct 18 20:05:42 10.10.14.131 DefensePro: 18-10-2014 20:05:42 WARNING 70 Behavioral-DoS "network flood IPv4 UDP" UDP 41.74.94.94 49705 91.214.70.155 28015 1 N/A "artplanet" sampled 1 0 701 0 N/A high forward Edited October 18, 2014 by artplanet Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Kmax Posted October 19, 2014 · Report post Судя по логам полиси стоит на только репорт . Попробуйте поменять на блок и репорт. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
artplanet Posted October 20, 2014 · Report post Как раз стоит блок. Да и в логах иногда форвард, а иногда блок. Вообще ищу человека который поможет настроить железку, отблагодарю. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Kmax Posted October 21, 2014 · Report post Скинь конфигурацию в личку. Гляну. Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
artplanet Posted October 22, 2014 · Report post Что то вы в личке не ответили :-( Все еще ищу спецов Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
Merridius Posted October 23, 2014 (edited) · Report post Ну а связаться с суппортом производителя что мешает? Edited October 23, 2014 by Merridius Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...