Friday, March 26, 2021

DDoS question

We've had a couple of attacks recently. Both were session-based attacks that overwhelmed our FortiGate. One was attacking RDP and one was IKE, neither of which is open to the internet. The sessions were denied, but there were still too many per second. I had an idea of setting up NAT pools for the schools that I think the kids who are starting it would be at. Not that it's actually coming from the school; I'd just be able to see which IP they are attacking in the logs, so I'd know who looked up their IP. This would narrow it down to an IP that just that school uses for outbound traffic. Not that it would help us catch them or mitigate the attack. Any issues this might cause? Anything else you can set up on FortiGates that would help? I'm assuming the built-in DDoS tools are useless if the sessions are getting to it? I've looked into Zayo DDoS protection but I'm not sure it's worth the price for as little as this happens.


