North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Mitigating HTTP DDoS attacks?

  • From: Tim Yocum
  • Date: Mon Mar 24 19:26:13 2008

On Mon, Mar 24, 2008 at 5:18 PM, Roland Dobbins <[email protected]> wrote:
>  There are devices available today from different vendors (including
>  Cisco, full disclosure) which are intelligent DDoS-'scrubbers' and
>  which can deal with more sophisticated types of attacks at layer-7,
>  including HTTP and DNS.  S/RTBH is also an option, keeping in mind
>  some of the caveats you mentioned (staying mindful of attacking hosts
>  behind proxies, botted hosts of legit customers, et. al.).

Citrix (Netscaler), F5 (BIG-IP), and as Roland mentioned, Cisco, all
offer varying levels of security for the content layer.

If you're running Apache, you may also investigate mod_evasive, and in
the case of exploits, mod_security.

Naturally, your ability to filter and contain the attack with software
is going to be limited by the host hardware, so it's best to take a
layered approach to mitigating various attacks you face. Also
important to be aware of your network architecture lest you find
yourself with DDoS bits clogging the pipes just before your
(expensive) defenses. :-)

- Tim