On 3/25/08, Peter Dambier <[EMAIL PROTECTED]> wrote:
>
>
> proc2pl might get you ideas, from the ISAON tools on
You know, for the last year or two I've heard you go on and on about IASON.
A few months ago I actually did download it and the only thing I can find in
it is an assortment of scripts t
On Mon, 24 Mar 2008 23:13:25 -0400
"Rodrick Brown" <[EMAIL PROTECTED]> wrote:
>
> They're a few companies that specialize in "DDOS protection type
> services" one company that comes to mind is Prolexic and their IPN
> infrastructure protection service. Prolexic will basically absorbs all
> atta
Lyon
Sent: Monday, March 24, 2008 6:02 PM
To: NANOG
Subject: Mitigating HTTP DDoS attacks?
Howdy all,
So, i'm kind of new to this so please deal with my ignorance. But,
what is common practice these days for HTTP DDoS mitigation during an
attack? You can of course route every offending ip a
> On Mon, Mar 24, 2008 at 11:34:58PM +, Paul Vixie wrote:
>> i only use or recommend operating systems that have their own host based
>> firewalls.
That was exactly my problem.
Barney Wolff wrote:
> What finally broke was doing a table list, possibly because the
> command prints in sorted
On Mon, Mar 24, 2008 at 6:02 PM, Mike Lyon <[EMAIL PROTECTED]> wrote:
>
> Howdy all,
>
> So, i'm kind of new to this so please deal with my ignorance. But,
> what is common practice these days for HTTP DDoS mitigation during an
> attack? You can of course route every offending ip address to nu
Mike Lyon wrote:
So, i'm kind of new to this so please deal with my ignorance. But,
what is common practice these days for HTTP DDoS mitigation during an
attack? You can of course route every offending ip address to null0 at
your border. But, if it's a botnet or trojan or something, It's coming
On Mar 25, 2008, at 8:10 AM, Frank Bulk - iNAME wrote:
In any case, it's reactive.
Several SPs (quite a few, actually) are offering DDoS mitigation
services based upon a variety of tools and techniques, and with
various pricing models. Some provide the service for their own
transit/h
issue. In any case,
it's reactive.
Frank
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike
Lyon
Sent: Monday, March 24, 2008 5:02 PM
To: NANOG
Subject: Mitigating HTTP DDoS attacks?
Howdy all,
So, i'm kind of new to this so please de
On Mon, Mar 24, 2008 at 11:34:58PM +, Paul Vixie wrote:
>
> i only use or recommend operating systems that have their own host based
> firewalls. soon that will mean pf (from openbsd but available on freebsd)
> but right now that means ipfw. ipfw has a "table" construct which uses a
> data
Paul Vixie wrote:
i only use or recommend operating systems that have their own host based
firewalls. soon that will mean pf (from openbsd but available on freebsd)
pf's tables are nifty too btw :)
pfsense, which is FreeBSD + pf, also has a port of snort IDS available.
Provided the OP has
[EMAIL PROTECTED] ("Mike Lyon") writes:
> So, i'm kind of new to this so please deal with my ignorance.
:-). on the internet, everybody's new to everything since it's all
changing every day. if anybody grumps at you for your ignorance, or
says "i can't type that into an IOS prompt" then the fa
On Mar 25, 2008, at 6:18 AM, Tim Yocum wrote:
If you're running Apache, you may also investigate mod_evasive, and in
the case of exploits, mod_security.
mod_evasive and mod_security are definitely recommended, good point.
And a good relationship with your peers/upstreams/customers/vendors
On Mon, Mar 24, 2008 at 5:18 PM, Roland Dobbins <[EMAIL PROTECTED]> wrote:
> There are devices available today from different vendors (including
> Cisco, full disclosure) which are intelligent DDoS-'scrubbers' and
> which can deal with more sophisticated types of attacks at layer-7,
> includin
On Mar 25, 2008, at 5:02 AM, Mike Lyon wrote:
Any input would be greatly appreciated.
There are devices available today from different vendors (including
Cisco, full disclosure) which are intelligent DDoS-'scrubbers' and
which can deal with more sophisticated types of attacks at layer-7
Howdy all,
So, i'm kind of new to this so please deal with my ignorance. But,
what is common practice these days for HTTP DDoS mitigation during an
attack? You can of course route every offending ip address to null0 at
your border. But, if it's a botnet or trojan or something, It's coming
from nu
15 matches
Mail list logo