Security Basics mailing list archives

RE: Products detecting DDoS attacks


From: Dean Davis <Dean.Davis () mbg-inc com>
Date: Mon, 8 Dec 2003 14:08:32 -0500

Kip:

If you're open to using Open-source, then you must consider one of the best
NIDSs, not to mention it's free, on the market: Snort. www.snort.org

You can salvage an outdated machine, arm it with 2 NICs, and place it in
stealth mode at your network's perimeter or nearby, to sniff the appropriate
traffic.
 

Thanks,
Dean Davis, MCSE,MCDBA,CCNA,CNA,N+,Linux+
Sr. Network Engineer
MBG, Inc.
370 Lexington Avenue
New York, NY 10017
P. 212.822.4429
F. 212.822.4499
http://www.mbg-inc.com



-----Original Message-----
From: Kip Sr. [mailto:kipsr1 () yahoo com] 
Sent: Monday, December 08, 2003 12:53 PM
To: security-basics () securityfocus com
Subject: Products detecting DDoS attacks


Hello All!

I am running a small web site and I am interested in
deploying software/hardware which can detect DDoS
attacks (SYN floods, application based attacks, etc)
on my perimeter network. I have been reading that some
products will do this... like Cisco Netflow, Arbor
networks, etc.. but I am not sure how effective these
products are.

Essentially, I am just looking for some good tools that
can quickly detect the source IP of zombie machines so
I can go back to my ISP and have them filter out the
traffic upstream.

Thanks in advance for your help!
Kip Sr.
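
Added example, not part of either message: one way to get the per-source list asked for above from a sensor's capture, by counting half-open connections (SYN seen, handshake never completed) in `tcpdump -nn` text output. The addresses, port, threshold and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the address/flags part of a `tcpdump -nn` TCP line.
LINE_RE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([A-Z.]+)\]"
)

# Constructed sample capture (documentation-range addresses).
LEGIT = [
    "12:00:01.000100 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [S], seq 100, win 65535, length 0",
    "12:00:01.000200 IP 192.0.2.10.80 > 198.51.100.7.51000: Flags [S.], seq 900, ack 101, win 65535, length 0",
    "12:00:01.000300 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [.], ack 901, win 65535, length 0",
]
FLOOD = [
    f"12:00:02.{i:06d} IP 203.0.113.5.{40000 + i} > 192.0.2.10.80: Flags [S], seq {i}, win 512, length 0"
    for i in range(20)
]
SAMPLE = "\n".join(LEGIT + FLOOD)


def half_open_by_source(capture, server_ip, server_port):
    """Return {source_ip: number of SYNs to the server never followed by an ACK}."""
    pending = defaultdict(set)  # source_ip -> source ports with an unanswered SYN
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if (dst, int(dport)) != (server_ip, server_port):
            continue  # only client -> server packets matter here
        if flags == "S":
            pending[src].add(sport)  # a set, so retransmitted SYNs count once
        elif "." in flags and "S" not in flags:
            pending[src].discard(sport)  # client ACKed: handshake completed
    return {ip: len(ports) for ip, ports in pending.items() if ports}


def suspects(capture, server_ip, server_port, threshold=10):
    """Sources at or above the half-open threshold, worst first."""
    counts = half_open_by_source(capture, server_ip, server_port)
    hits = [(ip, n) for ip, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda item: -item[1])


if __name__ == "__main__":
    for ip, n in suspects(SAMPLE, "192.0.2.10", 80):
        print(f"{ip}\t{n} half-open connections")
```

If the SYNs carry spoofed source addresses, they show up as many sources with one or two half-open connections each, so a per-source list is only worth sending upstream when the senders use their real addresses.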




