How does the ProxySG appliance handle a DDOS attack using SSH?

book

Article ID: 168324

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction


An attack or DDOS attack using SSH on the proxy will cause usage of memory to be increased until appliance resources are exhausted. 

Cause

Each access attempt to SSH on the appliance will cause the SSH component to use memory. A single SSH session uses very little memory on the appliance, however, but multiple SSH attempts like DDOS could cause an issue as mentioned above. When resources are exhausted, the appliance enters a mode known as memory regulation. At this point, the appliance will not accept further connections on any port until memory is freed up by the existing connections terminating naturally.

Resolution

There should be another appliance like a firewall or an IPS that filters the internet traffic before it reached the proxy and could prevent DDOS attack.

Workaround

Please refer to the Resolution above.