lowprofile
New Member
July 13, 2015
Question

DoS attack FROM inside network


Hi

 

How can we protect ourselves when, e.g., a WordPress site gets hacked and a DoS booter script is uploaded and used for DoS attacks against others, typically a UDP flood, from internal (behind ftg) to the internet?

 

The thing is, the FortiGate gets "jammed/frozen", or at least we see packet loss on all services behind the FortiGate. We tried to use a traffic shaper, but somehow it passes the limit.

 

E.g., we set it to 200 Mbit (the out pipeline is 1 Gbit) in both directions, but the interface still generates a 1000 Mbit outgoing flood. We tried the flood DoS policy on LAN-WAN; it didn't work either... It can't be true that everything just gets blocked due to 1 script which is making so much traffic.

 

How do we protect against this kind of problem?

    1 reply

    emnoc
    New Member
    July 13, 2015

    Just place a DoS sensor on the LAN interface for the traffic policy that allows UDP. This, along with controlling the exact services you allow outbound, should be enough.

     

    ATS is not the correct way of mitigating UDP flooding, and remember that all policies and the DoS sensor do NOT do anything to eliminate the flooding on the local wire when it comes to UDP.

     

    You really need to find and ID the source(s) and correct the host.
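
One way to act on the reply's last point (finding the source host) is to total outbound UDP bytes per internal source from the firewall's traffic log. This is an added example, not part of the thread: the log lines are constructed in FortiGate key=value style, and the interface names `lan`/`wan1`, the 60-second window and the 50 Mbit/s threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real data), assumed to cover one 60-second window.
SAMPLE_LOG = '''\
date=2015-07-13 time=10:00:05 srcip=192.168.10.25 srcintf="lan" dstip=198.51.100.7 dstintf="wan1" proto=17 dstport=80 sentbyte=600000000
date=2015-07-13 time=10:00:20 srcip=192.168.10.25 srcintf="lan" dstip=198.51.100.7 dstintf="wan1" proto=17 dstport=80 sentbyte=450000000
date=2015-07-13 time=10:00:40 srcip=192.168.10.25 srcintf="lan" dstip=203.0.113.9 dstintf="wan1" proto=17 dstport=53 sentbyte=450000000
date=2015-07-13 time=10:00:41 srcip=192.168.10.25 srcintf="lan" dstip=203.0.113.9 dstintf="wan1" proto=6 dstport=443 sentbyte=90000
date=2015-07-13 time=10:00:42 srcip=192.168.10.30 srcintf="lan" dstip=203.0.113.53 dstintf="wan1" proto=17 dstport=53 sentbyte=4200
date=2015-07-13 time=10:00:50 srcip=203.0.113.9 srcintf="wan1" dstip=192.168.10.30 dstintf="lan" proto=17 dstport=5060 sentbyte=800000000
'''

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted


def parse_line(line):
    """Turn one key=value log line into a dict of strings."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def udp_senders(log_text, lan_intf="lan", wan_intf="wan1"):
    """Sum outbound (LAN to WAN) UDP bytes and distinct targets per source IP."""
    totals = defaultdict(lambda: {"bytes": 0, "dsts": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("proto") != "17":          # 17 = UDP
            continue
        if rec.get("srcintf") != lan_intf or rec.get("dstintf") != wan_intf:
            continue                          # only traffic leaving the LAN
        try:
            sent = int(rec["sentbyte"])
            src = rec["srcip"]
        except (KeyError, ValueError):
            continue                          # skip malformed records
        totals[src]["bytes"] += sent
        totals[src]["dsts"].add(rec.get("dstip", "?"))
    return totals


def flag_flooders(log_text, window_s=60, max_mbit=50):
    """Return [(srcip, Mbit/s)] for hosts above max_mbit, heaviest first."""
    rates = ((ip, round(t["bytes"] * 8 / window_s / 1e6, 1))
             for ip, t in udp_senders(log_text).items())
    return sorted((r for r in rates if r[1] > max_mbit), key=lambda r: -r[1])


if __name__ == "__main__":
    for ip, mbit in flag_flooders(SAMPLE_LOG):
        print(f"{ip} is sending {mbit} Mbit/s of outbound UDP")
```

The flagged address is the host to isolate and clean up; normal low-volume UDP such as DNS from other hosts stays under the threshold.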