Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] Under DDoS Attack
  • From: Syv Ritch <suse@xxxxxxxxxxxxxxx>
  • Date: Thu, 27 Oct 2005 09:35:31 -0700
  • Message-id: <436101D3.7020204@xxxxxxxxxxxxxxx>
media Formel4 wrote:
> - Is it possible with spoofed IP numbers to establish connections to
> port 80? As far as I know you should get stuck after "SYN".
> I'm asking that, because tracing back the IPs in question I find very often unrouted areas and non-reachable (but maybe firewalled) IPs.
>
> Also I found a group of 300 IPs coming from an American company network. I contacted them and they stated too, that those IPs were not in use and not routed right now...
>
> - How can I secure this server and/or stop this attack?

I think that you are looking at the wrong point. Preventing a DDOS is not the job of the web server, but the job of the router/firewall. "Real routers/firewalls" will deal easily with these problems.

- No spoofing of IPs through validation where the packet comes from...
- No fragmented packets
- Limit the number of open/unfinished connections...

Cisco Pix 501, 515... depending on size and volumes
Cisco 1811...

Not cheap but when configured properly, guaranteed to work.

--
Thanks
http://www.911networks.com
When the network has to work Cisco/Microsoft
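
Added example, not part of the original message or of any poster's setup: a server-side check that relates the question (spoofed sources that never get past SYN) to two of the measures listed in the reply, source validation and a limit on unfinished connections. It reads IPv4 `netstat -ant` style lines and separates half-open connections from unroutable sources from routable sources above a half-open limit; the sample lines, the `max_half_open` threshold and the function name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Source ranges that should never arrive from the Internet (subset of a bogon list).
# Documentation ranges are left out on purpose: the sample uses them as stand-in clients.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "240.0.0.0/4")]

# Constructed sample in `netstat -ant` column layout; not taken from the thread.
SAMPLE = """\
tcp 0 0 192.0.2.10:80 198.51.100.7:40112 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:40113 SYN_RECV
tcp 0 0 192.0.2.10:80 10.1.2.3:1025 SYN_RECV
tcp 0 0 192.0.2.10:80 10.1.2.3:1026 SYN_RECV
tcp 0 0 192.0.2.10:80 10.1.2.3:1027 SYN_RECV
tcp 0 0 192.0.2.10:80 240.9.9.9:2000 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:5000 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:5001 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:5002 SYN_RECV
tcp 0 0 192.0.2.10:22 203.0.113.9:6000 SYN_RECV
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
"""

def half_open_report(text, port=80, max_half_open=2):
    """Count half-open vs. completed handshakes per source on `port` and classify sources."""
    counts = defaultdict(lambda: {"SYN_RECV": 0, "ESTABLISHED": 0})
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] != "tcp" or f[5] not in ("SYN_RECV", "ESTABLISHED"):
            continue  # skip headers, listeners, tcp6 and other states
        if f[3].rsplit(":", 1)[1] != str(port):
            continue  # only the service under attack
        counts[f[4].rsplit(":", 1)[0]][f[5]] += 1
    report = {"unroutable": [], "over_limit": [], "half_open_total": 0}
    for src, c in sorted(counts.items()):
        report["half_open_total"] += c["SYN_RECV"]
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in UNROUTABLE):
            report["unroutable"].append(src)   # drop at the edge: source validation
        elif c["SYN_RECV"] > max_half_open and c["ESTABLISHED"] == 0:
            report["over_limit"].append(src)   # candidate for a half-open connection limit
    return report

if __name__ == "__main__":
    print(half_open_report(SAMPLE))
```

On a live host the input would be the output of `netstat -ant`; sources that appear only in `SYN_RECV` and never in `ESTABLISHED` match the "stuck after SYN" behaviour described in the question.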
