Mailinglist Archive: opensuse-security (145 mails)

< Previous Next >
Re: [suse-security] Detection of DoS Attacks on Webserver
  • From: Arjen de Korte <suse+security@xxxxxxxxxxxx>
  • Date: Tue, 16 Nov 2004 20:40:05 +0100
  • Message-id: <200411162040.05407.suse+security@xxxxxxxxxxxx>
On Sunday 14 November 2004 02:03, Dana Hudes wrote:

> yes that's a reasonable approach on Linux but you have to construct
> solutions in a modular fashion. Certainly "firewall rule" is an option (but
> you can't just stick it in there and leave it forever, it has to be aged
> out at some point)

Just ignoring (firewalling) incoming traffic is not going to keep your
webserver on the net, when bandwidth is depleted. A firewall rule on your
side is not going to stop a DDoS attack if it is saturating your connection
(a coordinated attack from a few hundred zombies probably will be
sufficient). Now how is such an automated tool supposed to contact your
uplink provider and filter out this traffic, before it can clog your
connection?

Arjen

< Previous Next >
Follow Ups
References