[103268] in North American Network Operators' Group


Re: Mitigating HTTP DDoS attacks?

daemon@ATHENA.MIT.EDU (Mike Lewinski)
Mon Mar 24 20:07:48 2008

Date: Mon, 24 Mar 2008 18:01:42 -0600
From: Mike Lewinski <mike@rockynet.com>
To: nanog@merit.edu
In-Reply-To: <g3ve3bhf19.fsf@sa.vix.com>
Errors-To: owner-nanog@merit.edu


Paul Vixie wrote:

> i only use or recommend operating systems that have their own host based
> firewalls.  soon that will mean pf (from openbsd but available on freebsd)

pf's tables are nifty too btw :)

pfsense, which is FreeBSD + pf, also has a port of snort IDS available. 
Provided the OP has a signature of the attack he can match on, there's a 
wholly open-source solution (I know snort can be configured inline to 
drop packets on a filtering bridge, but of course you've got the 
problems of half-open connections accumulating as well as the potential 
for migration to https).
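
Added example, not part of the original message: one way to combine the two points above, matching a known attack signature and feeding the matching sources into a pf table. It reads the web server's access log rather than packets on the wire (an assumption), and the log lines, the signature `ExampleFloodAgent`, the table name `http_flood` and the hit threshold are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [24/Mar/2008:18:00:01 -0600] "GET /index.php?x=1 HTTP/1.1" 200 512 "-" "ExampleFloodAgent/1.0"
198.51.100.7 - - [24/Mar/2008:18:00:01 -0600] "GET /index.php?x=2 HTTP/1.1" 200 512 "-" "ExampleFloodAgent/1.0"
198.51.100.7 - - [24/Mar/2008:18:00:02 -0600] "GET /index.php?x=3 HTTP/1.1" 200 512 "-" "ExampleFloodAgent/1.0"
203.0.113.9 - - [24/Mar/2008:18:00:02 -0600] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.44 - - [24/Mar/2008:18:00:03 -0600] "GET /index.php?x=9 HTTP/1.1" 200 512 "-" "ExampleFloodAgent/1.0"
not-an-ip - - [24/Mar/2008:18:00:03 -0600] "GET / HTTP/1.1" 200 1 "-" "ExampleFloodAgent/1.0"
"""

# client, ident, user, [time], "request", status, bytes, "referer", "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+ "[^"]*" "([^"]*)"$')


def matching_sources(log_text, signature, min_hits=2):
    """Return source IPs with at least min_hits requests matching signature."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: ignore rather than guess
        src, request, agent = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # never hand unvalidated log text to pfctl
        if signature.search(request) or signature.search(agent):
            hits[addr] += 1
    keep = [a for a, n in hits.items() if n >= min_hits]
    return sorted(keep, key=lambda a: (a.version, int(a)))


def pfctl_commands(addrs, table="http_flood"):
    """Build argv lists that add each address to a pf table.

    Assumes pf.conf already contains (table name is hypothetical):
        table <http_flood> persist
        block in quick from <http_flood>
    """
    return [["pfctl", "-t", table, "-T", "add", str(a)] for a in addrs]


if __name__ == "__main__":
    for cmd in pfctl_commands(
            matching_sources(SAMPLE_LOG, re.compile(r"ExampleFloodAgent"))):
        print(" ".join(cmd))
```

The threshold keeps a single matching request from blocking a source; tune it against normal traffic before letting the output reach `pfctl`.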
