What would be considered the normal Packet Per Second rate for traffic originating from a cPanel server to a specific single destination IP (end user)?
Recently had a script uploaded via a CMS exploit that was DoS'ing people with a UDP flood.
I've since removed the script and also disabled the offending CMS so that the user can upload a clean copy and also ensure it's patched, but I'd like to try and take some measures to prevent such a thing occurring in the future.
I'd also like to take some additional measures that minimise the impact should anyone else manage to do something similar. One of the things I was thinking of doing was limiting the UDP packet flow per destination.
I was thinking anything over X PPS gets dropped at the firewall before it even egresses my network, but I'm not entirely sure what a reasonable number for X should be.
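One way to approach the per-destination cap described in the question, as an added example that is not part of the original post: measure the peak UDP packets-per-second the server legitimately sends to any one destination, then generate an iptables `hashlimit` rule with headroom above that peak. The packet sample is constructed, and the `UDP_EGRESS` chain name, the `udp_egress` table name, the headroom factor of 4 and the burst of twice the limit are assumptions.

```sh
# Constructed sample: one "<epoch-second> <destination-ip>" line per outbound
# UDP packet, as could be reduced from a capture on the egress interface.
sample_packets() {
cat <<'EOF'
1700000000 192.0.2.10
1700000000 192.0.2.10
1700000000 198.51.100.7
1700000001 192.0.2.10
1700000001 198.51.100.7
1700000001 198.51.100.7
1700000001 198.51.100.7
1700000002 192.0.2.10
EOF
}

# Highest packets-per-second seen towards any single destination (stdin).
peak_pps_per_dest() {
  awk '{ n[$1 " " $2]++ }
       END { max = 0; for (k in n) if (n[k] > max) max = n[k]; print max }'
}

# Candidate X: observed peak times a headroom factor ($1, assumed default 4).
suggest_limit() {
  peak=$(peak_pps_per_dest)
  echo $(( peak * ${1:-4} ))
}

# Print (do not apply) rules that drop UDP above the limit per src/dst pair.
# $1 = chain (OUTPUT on the server itself, FORWARD on a separate gateway),
# $2 = limit in packets per second, $3 = burst in packets.
udp_egress_rules() {
  printf '%s\n' \
    "iptables -N UDP_EGRESS" \
    "iptables -A $1 -p udp -j UDP_EGRESS" \
    "iptables -A UDP_EGRESS -m hashlimit --hashlimit-name udp_egress --hashlimit-mode srcip,dstip --hashlimit-above $2/second --hashlimit-burst $3 -j DROP"
}

# Demo on the constructed sample: derive X, then print the rules for review.
limit=$(sample_packets | suggest_limit 4)
udp_egress_rules OUTPUT "$limit" "$((limit * 2))"
```

The baseline capture should cover a normal busy period and include the server's DNS resolvers, which are typically the highest-rate legitimate UDP destinations.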