akvorado

DDoS detection

Open vincentbernat opened this issue 2 years ago • 7 comments

At Free, we are using the ClickHouse database to perform DDoS detection for attacks against our subscribers. This is currently a simple Python script. It would be nice to integrate that as a component in Akvorado.

vincentbernat, Jul 26 '22 05:07

It would be great! I hope it works.

drksbr, Aug 26 '22 16:08

Hello Vincent. First of all, thanks for making this fantastic project available.

As for the detection of DDoS, would it be based on the amount of incoming flows or based on the volume of data or even based on the correlation between both?

This would be a huge facilitator of my service... if it were possible to configure triggers that, when fired, would execute a command in an exabgp, gobgp or any other.

Looking forward to trying something like this. If I can help with anything, please let me know.

drksbr, Aug 27 '22 17:08

Likely rule-based. And then, when flows are detected, yes, it would build flowspec/blackhole routes to be propagated with BGP.

vincentbernat, Aug 27 '22 19:08

Hey @vincentbernat, any chance you can share the script Free uses alongside akvorado?

BrendanHalley, Aug 28 '22 23:08

No, sorry, I can't.

vincentbernat, Aug 29 '22 03:08

Some tips to get started with DDoS and Akvorado are published here: https://vincent.bernat.ch/en/blog/2023-akvorado-ddos-flowspec

vincentbernat, Apr 02 '23 16:04

@vincentbernat your article about DDoS detection is really inspiring. Do you have any further ideas on ways to detect flooding attacks, e.g. TCP SYN, or even more sophisticated attacks like HTTPS floods, etc.?

doup123, Jul 31 '23 12:07