This may be dumb, but it won't hurt to throw this out there. Maybe this has to be built with a combination of tools, technologies, etc., but I would definitely like to first collect as much info as possible and then maybe work on this (or maybe the solution - open source - is already out there, in that case I would like to know what :). I know of many 100K devices that will do this.

Is there a way that I can set up a machine (another OpenBSD machine) in front of an OpenBSD firewall to help against DDoS attacks? If so, what would be the proper approach in doing so (if someone has already approached this subject)?

The machine would have 2 or 3 NICs (3rd NIC for management, maybe?).
You take the internet drop on the first port, say for example fxp0 (external_if). Maybe implement SYNCOOKIE (technology). The traffic only gets passed on to the firewall port through fxp1 (internal_if) once the server gets the ACK back. Would SYNPROXY do this too??
This machine could also be doing some form of RATE LIMITING?? Maybe??

Anyone?? Any takes??

/Parvinder Bhasin
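
The layout described in the post, written as a pf.conf sketch for the front machine. This is an added example and not part of the original message: fxp0 and fxp1 come from the post, while the protected address, the ports, the table name and every threshold are assumptions to be tuned for the real site.

```pf
# pf.conf sketch for the machine in front of the firewall (constructed example).
# Assumes the box routes between the two interfaces
# (sysctl net.inet.ip.forwarding=1); synproxy does not work when pf
# operates on a bridge(4).

ext_if    = "fxp0"        # internet drop (external_if in the post)
int_if    = "fxp1"        # link to the existing firewall (internal_if)
protected = "192.0.2.10"  # placeholder: a service reachable behind the firewall

# Sources that exceed the limits below are collected here.
table <abusers> persist

set skip on lo

# Drop known offenders first, then default-deny everything else inbound.
block in quick on $ext_if from <abusers>
block in on $ext_if

# synproxy state: pf answers the SYN itself and opens the connection
# towards $protected only after the client's final ACK arrives, so
# spoofed SYN floods never reach the firewall behind fxp1.
# max-src-conn / max-src-conn-rate are the rate limiting: they count only
# connections that completed the handshake, so the source address is real.
# 100 connections and 15 new connections per 5 seconds are assumed values.
pass in on $ext_if proto tcp to $protected port { 80 443 } \
    synproxy state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <abusers> flush global)

# Let the proxied connections leave towards the firewall.
pass out on $int_if
```

A file like this can be syntax-checked without loading it using `pfctl -nf`, and entries in the overload table can be aged out with `pfctl -t abusers -T expire 3600`.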
