North American Network Operators Group

Re: Mitigating HTTP DDoS attacks?

  • From: Mike Lewinski
  • Date: Mon Mar 24 20:09:52 2008


Paul Vixie wrote:


i only use or recommend operating systems that have their own host based
firewalls.  soon that will mean pf (from openbsd but available on freebsd)

pf's tables are nifty too btw :)


pfSense, which is FreeBSD + pf, also has a port of Snort IDS available. Provided the OP has a signature of the attack he can match on, there's a wholly open-source solution (I know Snort can be configured inline to drop packets on a filtering bridge, but of course you've got the problems of half-open connections accumulating as well as the potential for migration to https).