VMware Networking Community
benjamin000
Enthusiast

Preventing VMs from creating DDoS and other attacks

We need a solution that will prevent our instances from carrying out DDoS attacks and other malicious activities. We use VMware Integrated OpenStack with NSX and are getting in trouble with our server provider (OVH) about these types of alerts:

2017.06.03 05:29:49 CEST XXX.XXX.XXX.XXX:35149 XXX.XXX.XXX.XXX:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN

2017.06.03 05:29:49 CEST XXX.XXX.XXX.XXX:45259 XXX.XXX.XXX.XXX:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN 

2017.06.03 05:29:49 CEST XXX.XXX.XXX.XXX:64795 XXX.XXX.XXX.XXX7:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN

We have looked at Trend Micro Deep Security but are not sure if it would be the right solution. In addition, I am sure NSX would have something built in to prevent these types of attacks from occurring via our customers' VMs.

Would love to hear some solutions or advice.

Regards Ben McGuire
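
An added example, not part of the original thread: one way to triage provider alerts in the format quoted in the post above, grouping them by source address so the reported instance can be identified before any firewall rule is changed. The addresses, the inventory mapping and the function names are constructed for illustration, and the page does not say what the two numeric columns mean.

```python
import re
from collections import defaultdict

# Layout taken from the alert lines quoted in the post. The page does not say
# what the two numeric columns mean, so they stay opaque (n1, n2).
ALERT = re.compile(
    r"(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) ?(?P<tz>[A-Z]{2,5}) ?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"(?P<proto>\S+) (?P<flags>\S+) (?P<n1>\d+) (?P<n2>\d+) ATTACK:(?P<kind>\S+)"
)

# Constructed sample (documentation IPs); line 1 keeps the post's missing space.
SAMPLE = """\
2017.06.03 05:29:49 CEST192.0.2.10:35149 198.51.100.7:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN
2017.06.03 05:29:49 CEST 192.0.2.10:45259 198.51.100.7:13010 TCP SYN 2048 98304 ATTACK:TCP_SYN
2017.06.03 05:31:02 CEST 192.0.2.23:40001 198.51.100.9:80 TCP SYN 2048 98304 ATTACK:TCP_SYN
this line is not an alert
"""
# Constructed inventory (assumption): instance IP -> tenant instance name.
INVENTORY = {"192.0.2.10": "tenant-a/web-01"}

def parse_alerts(text):
    """Return (alerts, rejected): parsed dicts and lines that did not match."""
    alerts, rejected = [], []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = ALERT.fullmatch(line)
        if m:
            alerts.append(m.groupdict())
        else:
            rejected.append(line)
    return alerts, rejected

def summarize(alerts, inventory):
    """Group alerts by source address, most-reported source first."""
    acc = defaultdict(lambda: {"alerts": 0, "ports": set(), "targets": set()})
    for a in alerts:
        s = acc[a["src"]]
        s["alerts"] += 1
        s["ports"].add(int(a["sport"]))
        s["targets"].add((a["dst"], int(a["dport"]), a["kind"]))
    rows = [{"src": src, "instance": inventory.get(src, "unknown"),
             "alerts": s["alerts"], "distinct_src_ports": len(s["ports"]),
             "targets": sorted(s["targets"])} for src, s in acc.items()]
    return sorted(rows, key=lambda r: -r["alerts"])

if __name__ == "__main__":
    parsed, bad = parse_alerts(SAMPLE)
    print(summarize(parsed, INVENTORY), "unparsed:", bad)
```

A source that maps to "unknown" is an address the inventory does not cover and needs a manual lookup.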

parmarr
VMware Employee

Ensure you are up to date with CVEs on the environment. For more info, see https://www.vmware.com/ca/security/advisories.html

Sincerely, Rahul Parmar VMware Support Moderator
benjamin000
Enthusiast

Hello

Thanks for the link but that is not what I am after.

I am more talking about utilizing NSX security rules to prevent VMs from performing DDoS outbound from our VMware OpenStack/NSX environment.

Regards Ben McGuire
ITaaP
Enthusiast

benjamin000
Enthusiast

Thanks for that info, it certainly is a step in the right direction and I may implement this; however, I was more leaning to preventing customers that use our VIO from performing DDoS activities such as SYN flood... I am sure NSX is smart enough to prevent this but I cannot seem to find any guide or article regarding this.

Regards Ben McGuire
ITaaP
Enthusiast

"In order to protect your network from ACK or SYN floods, you can set Service to TCP-all_ports or UDP-all_ports and set Action to Block for the default rule."

https://tactsol.com https://vmware.solutions
benjamin000
Enthusiast

Hello

I just drilled down the links which I did not do before and it appears that your guide is EXACTLY what I am after. Thanks!!!

Regards Ben McGuire