Tempesta FW `perfstat` analyzing for CDN amplification & bypass attacks detection

To catch [DDoS CDN amplification attacks](https://www.usenix.org/conference/usenixsecurity24/presentation/lin-ziyu) add [Server RX bytes](https://tempesta-tech.com/knowledge-base/Performance-statistics/)  processing of `/proc/tempesta/perfstat` by a configurable dealy (1 second by default).

- [ ] Dynamically, probably with sliding window, compute `Client TX bytes` as  `sum(response_content_length)` and trigger on spike of `Server RX bytes / Client TX bytes` ratio.

- [ ] Detect the spike on `Cache misses / Cache hits` to detect cache bypass with `no-cache` or random URL parameters (test both the cases)

Related Tempesta FW issue https://github.com/tempesta-tech/tempesta/issues/1346#issuecomment-3549551996

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tempesta FW `perfstat` analyzing for CDN amplification & bypass attacks detection #11

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Tempesta FW perfstat analyzing for CDN amplification & bypass attacks detection #11

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Tempesta FW `perfstat` analyzing for CDN amplification & bypass attacks detection #11