On Tue, 2010-03-16 at 07:53 +0000, gordon b slater wrote:
> Hmm, the "hey! it's open source!" factor doesn't hold much sway in the
> network world, no-one will be amazed at that. Many observers are
> surprised at the amount of free software employed by ISPs and the
> like, but it's certainly no news to insiders.
Not to mention that it is only "open source for private non-commercial use only", and is crippled. Also, Obeseus doesn't seem to be any better than stuff I have made myself for my own usage and clients' usage. All it does is look at a pcap dump and analyze it. Obeseus is actually worse: it does not work in realtime, the data structures it uses are not suited to realtime detection, and in a DDoS, I think this could take several minutes to trigger appropriate events like IP nullroutes and ACLs etcetera.

The best way to detect DDoS is to run a 30 second rolling average. If you're suddenly doing a gigabit inbound within 30 seconds of UDP traffic, you're probably being DDoSed ;).

William
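The 30-second rolling-average check William describes, as an added example that is not part of the thread and not code from Obeseus or from anyone on the list. It assumes a per-second inbound UDP byte counter (as exported by a router, NetFlow collector or a packet counter on the border interface) feeding a fixed-length sliding window, and alarms when the window average reaches 1 Gbit/s. The traffic stream is constructed inline: a quiet baseline followed by a sudden flood. It also shows the cost of the window length: with a 30 s window the alarm fires about 18 s after the flood starts, while a shorter window reacts faster but is more sensitive to short bursts.

```python
from collections import deque
from dataclasses import dataclass
from typing import Iterable, Optional

WINDOW_SECONDS = 30
# 1 Gbit/s expressed in bytes per second: the threshold used in the post.
GIGABIT_BYTES_PER_SEC = 1_000_000_000 // 8


@dataclass
class Sample:
    """Inbound UDP bytes counted during one 1-second interval (hypothetical counter format)."""
    ts: int          # whole seconds
    udp_bytes: int   # inbound UDP bytes seen in that second


class RollingRateDetector:
    """Fixed-length sliding window over per-second UDP byte counters.

    The average is total bytes in the last `window` seconds divided by
    `window`, so seconds with no counter are treated as zero traffic and
    the denominator never shrinks.
    """

    def __init__(self, window: int = WINDOW_SECONDS,
                 threshold_bps: float = GIGABIT_BYTES_PER_SEC):
        self.window = window
        self.threshold = threshold_bps
        self.samples: deque[Sample] = deque()
        self.total = 0

    def add(self, sample: Sample) -> float:
        """Push one sample, evict samples older than the window, return bytes/s average."""
        self.samples.append(sample)
        self.total += sample.udp_bytes
        # Keep only timestamps in (ts - window, ts]; the window is `window` seconds wide.
        while self.samples[0].ts <= sample.ts - self.window:
            self.total -= self.samples.popleft().udp_bytes
        return self.total / self.window

    def is_alarm(self, sample: Sample) -> bool:
        """True when the rolling average has reached the threshold."""
        return self.add(sample) >= self.threshold


def first_alarm(samples: Iterable[Sample], window: int = WINDOW_SECONDS,
                threshold_bps: float = GIGABIT_BYTES_PER_SEC) -> Optional[int]:
    """Return the timestamp at which the detector first alarms, or None if it never does."""
    det = RollingRateDetector(window, threshold_bps)
    for s in samples:
        if det.is_alarm(s):
            return s.ts
    return None


def build_sample_stream(flood: bool = True) -> list[Sample]:
    """Constructed traffic: 60 s of 5 MB/s UDP, then (optionally) 40 s at 200 MB/s."""
    baseline = [Sample(ts, 5_000_000) for ts in range(0, 60)]
    if not flood:
        return baseline + [Sample(ts, 5_000_000) for ts in range(60, 100)]
    return baseline + [Sample(ts, 200_000_000) for ts in range(60, 100)]


if __name__ == "__main__":
    stream = build_sample_stream()
    print("30 s window, first alarm at t =", first_alarm(stream))              # 78
    print(" 5 s window, first alarm at t =", first_alarm(stream, window=5))    # 63
    print("no flood, first alarm at t =", first_alarm(build_sample_stream(False)))  # None
```

With the 30-second window the flood that starts at t=60 is not flagged until t=78, because 19 flood seconds are needed before the window average crosses 125 MB/s; a 5-second window flags it at t=63. In production the window length is the knob that trades detection delay against false positives from legitimate bursts, and the rate produced here is what would feed the nullroute or ACL action William mentions.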