michawel
New Member
December 18, 2017
Question

DDoS attack reaction - what Fortinet can do

  • December 18, 2017
  • 1 reply
  • 5292 views

Hi,

We have a customer (a school) who wants to block DDoS attacks from the internal network to external destinations. No problem to do this. But the requirement is to block this source IP completely for a while. Is this possible?

I know that I can block communication like ICMP (in case of ICMP flood) or HTTPS in case of web DDoS. But what about complete blocking?

Usually those users are students with laptops affected by some viruses or malware. And those laptops can't be managed by FortiClient or something like this. What they want is that in case the system detects a DDoS pattern, the client is completely blocked for about 2 hours (for all communication). This function is quite new so I don't have experience with this in real traffic.

    1 reply

    Carl_Wallmark
    New Member
    December 18, 2017

    Hi,


    Yes, a Fortigate should be able to do this:


    Create a DoS_Policy, then edit the policy in the CLI and choose the protocol you want. Here is an example for UDP_Flood:

    Firewall_name (anomaly) # edit udp_flood

    Firewall_name (udp_flood) # get
    name                : udp_flood
    status              : disable
    log                 : disable
    action              : pass
    quarantine          : none
    threshold           : 2000
    threshold(default)  : 2000

    Firewall_name (udp_flood) # set quarantine
    none        Quarantine is disabled.
    attacker    Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.
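As an added example (not part of the answer above), here is the complete CLI configuration such a DoS policy would need, including the two-hour expiry the question asks for. The interface name, policy ID, comment text, the `quarantine-expiry` duration format and the `diagnose user banned-ip` commands are taken from the FortiOS CLI reference as I know it, not from this thread, so verify them against the release on the unit in question.

```fortios
# Added example: a DoS policy on the LAN-facing interface ("internal" is an
# assumed interface name) that quarantines the source of a UDP flood.
config firewall DoS-policy
    edit 1
        set comments "student LAN - quarantine flood sources"
        set interface "internal"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "udp_flood"
                set status enable
                set log enable
                set action block
                # attacker = ban the source IP for ALL traffic through the
                # FortiGate, not only the protocol that tripped the threshold
                set quarantine attacker
                # Duration format is ###d##h##m (default is 5 minutes);
                # 0d2h0m gives the two-hour block the question describes
                set quarantine-expiry 0d2h0m
                set quarantine-log enable
                set threshold 2000
            next
            # Repeat the same block for icmp_flood, tcp_syn_flood, etc.
            # if those patterns should also trigger a quarantine.
        end
    next
end

# Check which sources are currently banned, and lift a ban early once a
# laptop has been cleaned (192.0.2.10 is a constructed example address):
diagnose user banned-ip list
diagnose user banned-ip delete src4 192.0.2.10
```

Because the ban is tied to the source IP, a student whose laptop obtains a new DHCP lease inside the two hours is no longer matched, so long DHCP lease times (or static assignments) make the quarantine more reliable.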