Mailinglist Archive: opensuse-security (145 mails)

< Previous Next >
Re: [suse-security] Detection of DoS Attacks on Webserver
  • From: Arjen de Korte <suse+security@xxxxxxxxxxxx>
  • Date: Tue, 16 Nov 2004 20:40:05 +0100
  • Message-id: <200411162040.05407.suse+security@xxxxxxxxxxxx>
On Sunday 14 November 2004 02:03, Dana Hudes wrote:

> yes that's a reasonable approach on Linux but you have to construct
> solutions in a modular fashion. Certainly "firewall rule" is an option (but
> you can't just stick it in there and leave it forever, it has to be aged
> out at some point)

Just ignoring (firewalling) incoming traffic is not going to keep your
webserver on the net, when bandwidth is depleted. A firewall rule on your
side is not going to stop a DDoS attack if it is saturating your connection
(a coordinated attack from a few hundred zombies probably will be
sufficient). Now how is such an automated tool supposed to contact your
uplink provider and filter out this traffic, before it can clog your


< Previous Next >
Follow Ups