North American Network Operators Group
Re: Mitigating HTTP DDoS attacks?
On Mon, Mar 24, 2008 at 11:34:58PM +0000, Paul Vixie wrote:

> i only use or recommend operating systems that have their own host based
> firewalls. soon that will mean pf (from openbsd but available on freebsd)
> but right now that means ipfw. ipfw has a "table" construct which uses a
> data structure similar to the kernel's routing table. with a little bit
> of tuning, and using X86_64 to get more kernel memory map space than I386,
> i've listed every member of 60K-node botnets in a table whose only use is
> "if a SYN comes from here, silently drop it with no ICMP response". with
> more tuning work, a 200K-node botnet would pose no problem. we populate
> these tables with a perl script that watches the apache server's logfiles.

Even on an untuned fbsd i386, I had success with an ipfw table with well over
1e6 entries. What finally broke was doing a table list, possibly because the
command prints in sorted order. No performance problems were observed at my
limited volume of perhaps 30000 hits per day.

-- 
Barney Wolff
I never met a computer I didn't like.
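The following is an added illustration, not the Perl script Vixie mentions and not anything from Wolff's post: a small POSIX shell sketch of the mechanism the thread describes. It counts hits per client address in apache access-log lines, emits the `ipfw table N add` commands that would list the offenders, and emits the one rule that silently drops SYNs ("setup") from the table. The table number, rule number, hit threshold and sample log lines are assumptions constructed for the example; the script prints the ipfw commands instead of running them so it can be tried on any machine.

```shell
#!/bin/sh
# Added example (not the thread's own script): build an ipfw table from apache
# access-log lines and print the commands that would install it.

TABLE_NO=1        # assumed ipfw table number
RULE_NO=100       # assumed ipfw rule number for the SYN-drop rule
THRESHOLD=3       # assumed: hits from one address before it is listed

# Constructed sample access-log lines (apache "combined" format, documentation
# address ranges). One address hammers the server; two are ordinary visitors.
SAMPLE_LOG='198.51.100.7 - - [24/Mar/2008:23:34:58 +0000] "GET / HTTP/1.1" 200 512 "-" "bot"
198.51.100.7 - - [24/Mar/2008:23:34:58 +0000] "GET / HTTP/1.1" 200 512 "-" "bot"
198.51.100.7 - - [24/Mar/2008:23:34:59 +0000] "GET / HTTP/1.1" 200 512 "-" "bot"
198.51.100.7 - - [24/Mar/2008:23:34:59 +0000] "GET / HTTP/1.1" 200 512 "-" "bot"
192.0.2.10 - - [24/Mar/2008:23:35:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Mar/2008:23:35:10 +0000] "GET /robots.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.10 - - [24/Mar/2008:23:35:12 +0000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"'

# abusive_sources THRESHOLD: read log lines on stdin, count hits per client
# address (first field, IPv4 only here), print every address at or above
# THRESHOLD. Output is sorted so it is deterministic.
abusive_sources() {
    awk -v limit="$1" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= limit) print ip }
    ' | sort
}

# ipfw_table_commands TABLE: turn one address per line on stdin into
# "ipfw table TABLE add ADDR" commands. On the firewall host you would pipe
# this into sh; here it only prints.
ipfw_table_commands() {
    while read -r ip; do
        printf 'ipfw table %s add %s\n' "$1" "$ip"
    done
}

# drop_rule TABLE RULE: one rule that drops TCP SYNs ("setup") from any
# address in TABLE. "deny" drops silently; "reject" would send ICMP back.
drop_rule() {
    printf 'ipfw add %s deny tcp from table(%s) to any setup\n' "$2" "$1"
}

# run_dry: show what would be installed for the constructed sample log.
run_dry() {
    drop_rule "$TABLE_NO" "$RULE_NO"
    printf '%s\n' "$SAMPLE_LOG" \
        | abusive_sources "$THRESHOLD" \
        | ipfw_table_commands "$TABLE_NO"
}

run_dry
```

Adding entries one at a time keeps the table lookups in the kernel's routing-table-like structure, which is the part Vixie and Wolff report scaling to hundreds of thousands or millions of entries; the script never runs `ipfw table N list`, which is the operation Wolff saw break on a very large table.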