Re: syn DDoS attack solution


 



And, most important for folks here, do egress filtering on your firewall! Help prevent zombie machines on your own networks from being a problem. You can't stop your end users from bringing infections into your network, but you can control their spread.

Bgs wrote:
You can have defense against many kinds of DDoS attacks, but victory is not sure at all. Take the case, for example, when a very large number of distributed bots issue many but slow SYN/ACK bounce attacks or plain protocol connections to your site. If they do it 'right' you will end up with up to millions of sources doing 'ordinary' things with random sources. No source will ever trigger anything above an average user. One important step in taking DDoS seriously was when the first ISP went broke because it was a target.

So take up the fight when it happens. Most attackers are not resourceful enough (either by available hw/bots or technical knowledge), so in the long term you can usually win. But losing the war is always a possibility no matter how good you are...

Martin McKeay wrote:


