I have heard of organizations/providers doing that. I have even had them DO IT. It depends on how many locations the DDoS bots are attacking from, are they on a certain AS (look up autonomous system if you don't know what an AS is, traceroute.org also has listings of various ASs by country) or from domains/IP blocks that will not excessively restrict access to the resource being hosted... This will work with blocks of IPs under the control of a certain authority, but again, it depends on how many places it is coming from. For example if your site is in X language and the attacks are coming from ASs from areas where Y language is generally spoken, it may well be that your upstream provider/organization can block the address blocks (or some of them) and get rid of the load without seriously impacting the service you offer any more than it already has been. There are also documented cases of universities and companies having some success with such a method. Does this mean it will work in EVERY circumstance? No. Sometimes the only way is to move services to another IP and sometimes that isn't practical either.

>>> Allen <gorebofh@comcast.net> 10/27/05 23:14 PM >>>
On Thu, Oct 27, 2005 at 11:59:54PM +0200, b@rry wrote:
> As I said - it's a root server. Nothing in front but the pure internet...
>
> > Why not have a firewall in front of it? Root server or no, something
> > that can manage the connections to the box with relatively low connection
> > timeouts?
Maybe just maybe, because a firewall isn't going to do a THING against a DDOS attack? And for the other person who said call the ISP so they can "set the router to block the packets"..... Lol, if it was that easy Yahoo, Microsoft and SCO wouldn't have been taken down.

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
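The triage the first reply describes, deciding whether the attack is concentrated in a few ASs or address blocks that carry little of your normal traffic, so that an upstream block would shed the load without cutting off real users, can be done from two connection logs. The script below is an added example, not code from anyone in this thread. Everything in it is constructed: ROUTE_TABLE is a stand-in for a prefix-to-AS lookup (in real use that comes from RIR whois or a BGP table), the two logs are made up from documentation address ranges, and the share thresholds are arbitrary assumptions.

```python
"""Triage of DDoS sources by address block / AS before asking the upstream to block.

Added example; not code from anyone on the list. Everything below is constructed:
ROUTE_TABLE stands in for a prefix -> AS lookup (RIR whois or a BGP table in real
use), the two logs are made up, and the thresholds are arbitrary assumptions.
"""
import ipaddress
from collections import Counter

# Constructed stand-in for BGP/whois data: prefix -> originating AS. These are
# documentation and CGNAT ranges with private-use AS numbers, not real attackers.
ROUTE_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AS64496"),
    (ipaddress.ip_network("198.51.100.0/24"), "AS64497"),
    (ipaddress.ip_network("203.0.113.0/24"), "AS64498"),
    (ipaddress.ip_network("100.64.0.0/16"), "AS64499"),
]

# Constructed connection logs, one line per accepted connection: a quiet day
# (baseline) and the window during the attack.
BASELINE_LOG = """\
2005-10-26T12:00:01 src=203.0.113.10 dport=80
2005-10-26T12:00:03 src=203.0.113.44 dport=80
2005-10-26T12:00:05 src=198.51.100.7 dport=80
2005-10-26T12:00:09 src=203.0.113.91 dport=443
2005-10-26T12:00:12 src=198.51.100.30 dport=80
2005-10-26T12:00:15 src=203.0.113.12 dport=80
"""

ATTACK_LOG = """\
2005-10-27T23:00:01 src=192.0.2.17 dport=80
2005-10-27T23:00:01 src=192.0.2.18 dport=80
2005-10-27T23:00:01 src=192.0.2.19 dport=80
2005-10-27T23:00:01 src=100.64.3.9 dport=80
2005-10-27T23:00:02 src=192.0.2.200 dport=80
2005-10-27T23:00:02 src=100.64.77.1 dport=80
2005-10-27T23:00:02 src=192.0.2.21 dport=80
2005-10-27T23:00:02 src=203.0.113.10 dport=80
2005-10-27T23:00:03 src=192.0.2.22 dport=80
2005-10-27T23:00:03 src=100.64.5.5 dport=80
"""


def asn_for(ip):
    """Map a source address to its AS via the (constructed) route table."""
    addr = ipaddress.ip_address(ip)
    for net, asn in ROUTE_TABLE:
        if addr in net:
            return asn
    return "unknown"  # not covered by the table; never a block candidate


def parse_sources(log_text):
    """Extract the src= field from each 'timestamp key=value ...' log line."""
    sources = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        if "src" in fields:
            sources.append(fields["src"])
    return sources


def share_by_asn(sources):
    """Fraction of connections originating from each AS."""
    counts = Counter(asn_for(ip) for ip in sources)
    total = sum(counts.values())
    return {asn: n / total for asn, n in counts.items()} if total else {}


def block_candidates(baseline_text, attack_text,
                     min_attack_share=0.25, max_baseline_share=0.05):
    """ASes that carry a large slice of the attack but almost none of the normal
    traffic, i.e. blocks the upstream could drop with little collateral damage.
    Returns (asn, attack_share, baseline_share) tuples, biggest attack share first."""
    baseline = share_by_asn(parse_sources(baseline_text))
    attack = share_by_asn(parse_sources(attack_text))
    candidates = []
    for asn, share in sorted(attack.items(), key=lambda kv: -kv[1]):
        if asn == "unknown":
            continue
        base = baseline.get(asn, 0.0)
        if share >= min_attack_share and base <= max_baseline_share:
            candidates.append((asn, round(share, 2), round(base, 2)))
    return candidates


if __name__ == "__main__":
    for asn, atk, base in block_candidates(BASELINE_LOG, ATTACK_LOG):
        print(f"{asn}: {atk:.0%} of attack traffic, {base:.0%} of normal traffic")
```

With the constructed data, two ASs account for 90% of the attack connections and none of the baseline, which is the situation where asking the upstream to drop those blocks makes sense; the AS that carries most of the normal traffic never qualifies even though a few attack connections come from it. Sources the table does not cover stay in "unknown" and are never proposed, so an incomplete lookup fails towards blocking less, not more.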