Mailinglist Archive: opensuse-security (232 mails)
Re: [suse-security] Under DDoS Attack
- From: Syv Ritch <suse@xxxxxxxxxxxxxxx>
- Date: Thu, 27 Oct 2005 09:35:31 -0700
- Message-id: <436101D3.7020204@xxxxxxxxxxxxxxx>
media Formel4 wrote:
> - Is it possible with spoofed IP numbers to establish connections to
> port 80? As far as I know you should get stuck after "SYN".
> I'm asking that, because tracing back the IPs in question I find very often unrouted areas and non-reachable (but maybe firewalled) IPs.
> Also I found a group of 300 IPs coming from an American company network. I contacted them and they stated too, that those IPs were not in use and not routed right now...
> - How can I secure this server and/or stop this attack?
I think that you are looking at the wrong point. Preventing a DDOS is not the job of the web server, but the job of the router/firewall. "Real routers/firewalls" will deal easily with these problems.
- No spoofing of IPs through validation where the packet comes from...
- No fragmented packets
- Limit the number of open/unfinished connections...
Cisco Pix 501, 515... depending on size and volumes
Cisco 1811...
Not cheap but when configured properly, guaranteed to work.
--
Thanks
http://www.911networks.com
When the network has to work Cisco/Microsoft
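An added example, not part of the original thread: a way to check on the server whether the sources in question ever get past the SYN stage, by counting half-open (SYN_RECV) against ESTABLISHED sockets per source prefix in `netstat -nt` output. The function names, thresholds and sample lines are assumptions made for this illustration; only IPv4 `tcp` lines are handled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in `netstat -nt` column layout (not data from the thread).
# All addresses are documentation ranges.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address    Foreign Address       State
tcp   0      0      192.0.2.10:80    198.51.100.7:40112    SYN_RECV
tcp   0      0      192.0.2.10:80    198.51.100.9:51733    SYN_RECV
tcp   0      0      192.0.2.10:80    198.51.100.200:1030   SYN_RECV
tcp   0      0      192.0.2.10:80    198.51.100.31:2201    SYN_RECV
tcp   0      0      192.0.2.10:80    203.0.113.5:33211     ESTABLISHED
tcp   0      0      192.0.2.10:80    203.0.113.5:33214     SYN_RECV
tcp   0      0      192.0.2.10:80    203.0.113.77:60100    ESTABLISHED
tcp   0      0      192.0.2.10:22    203.0.113.5:41000     ESTABLISHED
"""

STATES = ("SYN_RECV", "ESTABLISHED")

def half_open_by_prefix(text, port=80, prefix_len=24):
    """Count SYN_RECV vs ESTABLISHED sockets on `port`, grouped by source prefix."""
    stats = defaultdict(lambda: dict.fromkeys(STATES, 0))
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] != "tcp":
            continue  # skip the header line and anything that is not IPv4 TCP
        local, remote, state = f[3], f[4], f[5]
        if local.rsplit(":", 1)[1] != str(port) or state not in STATES:
            continue
        src = remote.rsplit(":", 1)[0]
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        stats[str(net)][state] += 1
    return dict(stats)

def suspect_prefixes(stats, min_half_open=3):
    """Prefixes with several half-open sockets and no completed handshake."""
    return sorted(p for p, s in stats.items()
                  if s["SYN_RECV"] >= min_half_open and s["ESTABLISHED"] == 0)

if __name__ == "__main__":
    stats = half_open_by_prefix(SAMPLE)
    for prefix, counts in sorted(stats.items()):
        print(prefix, counts)
    print("suspect:", suspect_prefixes(stats))
```

A prefix that only ever appears in SYN_RECV is consistent with spoofed sources that never answer the SYN-ACK, but it is an indicator to follow up on, not proof.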