[175027] in North American Network Operators' Group


Re: netfilter/iptables synproxy; need help deciding

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Wed Oct 8 11:36:13 2014

X-Original-To: nanog@nanog.org
From: Roland Dobbins <rdobbins@arbor.net>
In-Reply-To: <54355730.9010907@gmail.com>
Date: Wed, 8 Oct 2014 22:35:51 +0700
To: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


On Oct 8, 2014, at 10:24 PM, Paige Thompson <paigeadele@gmail.com> wrote:

> Re pp: 30-36 I think I catch your drift (ie: using cisco netflow to detect a synflood?) but would you care to summarize just in case because
> I am not this savvy, but would like to understand.

Yes, you can do that - there are plenty of open-source tools out there.

But pay attention to the infrastructure and host BCPs in that preso, as well.

> Also in regards to snort inline, I've been trying to figure out whether or not Snort/DAQ/NFQ (netfilter) is appropriate or not.

Yes, you can use it as a super-ACL.

Beyond that, reverse-proxy caches are useful, as well, as noted in the cited historical email.

----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

                          -- Laocoön
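The thread mentions using NetFlow to detect a SYN flood without spelling out what that looks like. The following is an added illustration, not code from the thread, from NANOG, or from any of the tools it names: it walks flow records that have already been exported and parsed into dictionaries (the field names `src`, `dst`, `dport`, `proto`, `flags`, `packets` are assumptions, not a real exporter's schema) and flags a destination port where nearly every flow is a half-open SYN with no further handshake traffic. The flow data is constructed inline so the script runs offline.

```python
"""
Toy SYN-flood detector over NetFlow-style flow records.

Added example; not from the NANOG thread or any collector it mentions.
Assumes each flow has already been parsed into a dict with the
(hypothetical) keys: src, dst, dport, proto, flags, packets.
"""
from collections import defaultdict

# TCP flag bits as they appear in the cumulative-flags field of a flow record
TCP_FIN = 0x01
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10


def is_syn_only(flow):
    """A TCP flow whose only observed flag is SYN and that carried one or
    two packets never completed the handshake: the half-open signature
    a SYN flood leaves behind in flow data."""
    return (flow["proto"] == 6
            and flow["flags"] == TCP_SYN
            and flow["packets"] <= 2)


def summarize(flows):
    """Aggregate per (dst, dport): total TCP flows, SYN-only flows, and the
    distinct sources that produced SYN-only flows."""
    stats = defaultdict(lambda: {"total": 0, "syn_only": 0, "sources": set()})
    for f in flows:
        if f["proto"] != 6:
            continue  # UDP/ICMP flows are irrelevant to a SYN flood
        s = stats[(f["dst"], f["dport"])]
        s["total"] += 1
        if is_syn_only(f):
            s["syn_only"] += 1
            s["sources"].add(f["src"])
    return stats


def detect_syn_flood(flows, min_syn_only=50, min_ratio=0.8):
    """Raise an alert for any (dst, dport) where at least `min_syn_only`
    half-open flows were seen AND they make up at least `min_ratio` of all
    TCP flows to that service.  The ratio check keeps a busy but healthy
    service (many completed sessions) from tripping the absolute count."""
    alerts = []
    for (dst, dport), s in summarize(flows).items():
        ratio = s["syn_only"] / s["total"]
        if s["syn_only"] >= min_syn_only and ratio >= min_ratio:
            alerts.append({
                "dst": dst,
                "dport": dport,
                "syn_only": s["syn_only"],
                "total": s["total"],
                "ratio": round(ratio, 2),
                "distinct_sources": len(s["sources"]),
            })
    return alerts


def sample_flows():
    """Constructed sample: 200 half-open attempts to 192.0.2.10:80 from
    200 different sources, plus 30 completed HTTP sessions and 10 completed
    SSH sessions to the same host (documentation address ranges only)."""
    flows = []
    for i in range(200):
        flows.append({"src": f"198.51.100.{i % 250}", "dst": "192.0.2.10",
                      "dport": 80, "proto": 6, "flags": TCP_SYN, "packets": 1})
    for i in range(30):
        flows.append({"src": f"203.0.113.{i}", "dst": "192.0.2.10",
                      "dport": 80, "proto": 6,
                      "flags": TCP_SYN | TCP_ACK | TCP_FIN, "packets": 12})
    for i in range(10):
        flows.append({"src": f"203.0.113.{i}", "dst": "192.0.2.10",
                      "dport": 22, "proto": 6,
                      "flags": TCP_SYN | TCP_ACK | TCP_FIN, "packets": 40})
    return flows


if __name__ == "__main__":
    for alert in detect_syn_flood(sample_flows()):
        print(f"SYN flood suspected: {alert['dst']}:{alert['dport']} "
              f"{alert['syn_only']}/{alert['total']} half-open flows "
              f"({alert['ratio']:.0%}) from {alert['distinct_sources']} sources")
```

The two thresholds are the part worth tuning against your own baseline: the absolute count filters out noise on quiet services, and the ratio keeps a popular service with many legitimate completed sessions from alerting just because it also sees some stray SYNs. The distinct-source count is reported because a high number of sources each sending a single SYN is consistent with spoofed addresses, which is useful context when deciding whether the host-side mitigations the thread points to (SYN cookies, synproxy, reverse-proxy caches) are the right next step.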

