We need a solution that will prevent our instances from doing DDoS attacks and other malicious activities. We use VMware Integrated OpenStack with NSX and are getting in trouble with our server provider (OVH) about these types of alerts:
2017.06.03 05:29:49 CEST XXX.XXX.XXX.XXX:35149 XXX.XXX.XXX.XXX:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN
2017.06.03 05:29:49 CEST XXX.XXX.XXX.XXX:45259 XXX.XXX.XXX.XXX:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN
2017.06.03 05:29:49 CEST XXX.XXX.XXX.XXX:64795 XXX.XXX.XXX.XXX7:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN
We have looked at Trend Micro Deep Security but are not sure if it would be the right solution. In addition, I am sure NSX would have something built in to prevent these types of attacks from occurring via our customers' VMs.
Would love to hear some solutions or advice.
Ensure you are up to date with CVEs on the environment. For more info, see https://www.vmware.com/ca/security/advisories.html
Hello
Thanks for the link but that is not what I am after.
I am talking more about utilizing NSX security rules to prevent VMs from performing outbound DDoS from our VMware OpenStack/NSX environment.
How about this? The NSX Distributed Firewall must be configured to restrict it from accepting outbound IP packets th...
Thanks for that info. It certainly is a step in the right direction and I may implement this; however, I was leaning more toward preventing customers that use our VIO from performing DDoS activities such as SYN flood... I am sure NSX is smart enough to prevent this but I cannot seem to find any guide or article regarding this.
"In order to protect your network from ACK or SYN floods, you can set Service to TCP-all_ports or UDP-all_ports and set Action to Block for the default rule."
Hello
I just drilled down the links which I did not do before and it appears that your guide is EXACTLY what I am after. Thanks!!!
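An added example, not part of the thread or of any VMware or OVH tooling: before a blocking rule can be scoped, the provider alerts quoted in the question have to be tied back to the instance that sent the traffic, and this Python sketch parses that alert layout and totals it per source address. The sample addresses, the `INVENTORY` mapping and the reading of the two numeric columns as packet and byte counts are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample alerts in the layout shown in the question; the
# addresses are documentation ranges, not values from the thread.
SAMPLE_ALERTS = """\
2017.06.03 05:29:49 CEST 192.0.2.10:35149 198.51.100.7:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN
2017.06.03 05:29:49 CEST192.0.2.10:45259 198.51.100.7:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN
2017.06.03 05:29:50 CEST 192.0.2.23:64795 198.51.100.7:13010 TCP SYN 1024 49152 ATTACK:TCP_SYN
this line is not an alert
"""

# Hypothetical address-to-instance inventory, e.g. exported from the cloud platform.
INVENTORY = {"192.0.2.10": "tenant-a-web01"}

# \s* after the time zone tolerates alerts pasted without the separating space.
ALERT_RE = re.compile(
    r"^(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[A-Z]+)\s*"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"(?P<proto>\S+) (?P<flags>\S+) (?P<packets>\d+) (?P<bytes>\d+) "
    r"ATTACK:(?P<reason>\S+)$"
)

def parse_alerts(text):
    """Return one dict per line that matches the alert layout; skip the rest."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["packets"] = int(rec["packets"])  # assumed: first counter is packets
            rec["bytes"] = int(rec["bytes"])      # assumed: second counter is bytes
            alerts.append(rec)
    return alerts

def summarize(alerts, inventory):
    """Total the alerts per source address and attach the owning instance."""
    out = defaultdict(lambda: {"instance": "UNMAPPED", "alerts": 0,
                               "packets": 0, "bytes": 0, "targets": set()})
    for a in alerts:
        s = out[a["src"]]
        s["instance"] = inventory.get(a["src"], "UNMAPPED")
        s["alerts"] += 1
        s["packets"] += a["packets"]
        s["bytes"] += a["bytes"]
        s["targets"].add(f'{a["dst"]}:{a["dport"]}')
    return dict(out)

if __name__ == "__main__":
    for src, s in summarize(parse_alerts(SAMPLE_ALERTS), INVENTORY).items():
        print(src, s["instance"], s["alerts"], s["packets"], s["bytes"], sorted(s["targets"]))
```

Sources reported as `UNMAPPED` are addresses the inventory does not know, which is worth checking against the source-address restriction discussed in the replies.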