RE: any recommendable anti-ddos solution?



I would use an IDS to monitor traffic in real time, like "snort_inline". You can then use signatures to detect certain types of exploits, DDoS and such. When it happens it will auto drop, log, and block the connection. No more denial of service attacks from that host =)

For this to work you would set up a transparent bridge between your router and the switch that goes to everything else inside the network. It would then run your inline snort and sniff the data coming across the network. When a signature triggers that you have specified to be blocked, it will do so.

You can also use a front end like BASE or ACID with a MySQL backend to visually see people trying to exploit your network. It's a nice IDS solution.

Search Google for stuff like snort inline, ACID and snort, BASE and snort. You will find a lot of tutorials.


Dereck Martin
Network Operations Engineer
PacketDrivers IT Outsourcing, LLC
http://www.packetdrivers.com


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Monty Ree
Sent: Monday, August 27, 2007 11:52 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: any recommendable anti-ddos solution?

Hello, list.

These days our network has been suffering from various DDoS attacks (SYN
flooding, UDP flooding, etc.).
From time to time, DDoS traffic is over 2G bps and this makes all network
services, including firewall and IPS, go down.

So is there any recommendable commercial anti-DDoS equipment or solution?
I have heard about the Cisco Guard & Detector and many say that only this
can fight against DDoS attacks. Right?

But it seems that other anti-DDoS solutions come...
Please recommend a commercial anti-DDoS solution for me.


Thanks in advance...
