Security Basics mailing list archives

RE: Preveting DDOS Syn floods on HTTP servers

From: "Shaun Sturby, MCSE Optrics Engineering" <Shaun () Optrics com>
Date: Mon, 8 Mar 2004 13:30:44 -0700

Hello,

<Disclaimer> I work for a consulting firm that sells and supports this type
of solution.

This has been done, at least for the larger sites (Learn Key, Rapattoni,
Belo Interactive, SingTel, Brylane, SEVEN and NetZero to name a few) using a
purpose built web accelerator from NetScaler. The idea is that all SYN
requests get handled by the NetScaler and it hands back to the requesting
zombie a ticket that a legitimate client will return to the server. Only
after the ticket is returned does the NetScaler then forward on that request
to the web server. All SYN flood requests are dropped by the NetScaler and
never get to your server to impact performance. The NetScaler also handled
HTTP Get Flood DDOS's using a similar technology.

There is some additional information and whitepapers available (Registration
required or contact me off list) at the main NetScaler website.

http://www.netscaler.com

Shaun, Manager of Technical Resources
Optrics Engineering.

-----Original Message-----
From: nabi1 () securology org [mailto:nabi1 () securology org]
Sent: Friday, March 05, 2004 6:16 AM
To: security-basics () securityfocus com
Subject: Preveting DDOS Syn floods on HTTP servers
Importance: High


Dear list,

I was wondering if it was possible for a HTTP servers to prevent DDOS syn
floods, attacks from different IP's, like a attack from a IRC network or
something like that.

Some people say it's impossible and some say it's possible, so I wonder if
someone can give me the right answer, and if it's possible, how to do it?

___________________________________
NOCC, http://nocc.sourceforge.net

_____________________________________________________________

IMail Server has scanned this e-mail for Viruses and SPAM using  
Declude Virus & Declude Junkmail available from www.Optrics.com  


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Preveting DDOS Syn floods on HTTP servers nabi1 (Mar 08)
- RE: Preveting DDOS Syn floods on HTTP servers Shaun Sturby, MCSE Optrics Engineering (Mar 08)
- Re: Preveting DDOS Syn floods on HTTP servers jamesworld (Mar 09)
- RE: Preveting DDOS Syn floods on HTTP servers Aditya, ALD [Aditya Lalit Deshmukh] (Mar 10)
- Re: Preveting DDOS Syn floods on HTTP servers Fernando Gont (Mar 17)
- <Possible follow-ups>
- RE: Preveting DDOS Syn floods on HTTP servers MARTIN M. Bénoni (Mar 09)
  - RE: Preveting DDOS Syn floods on HTTP servers Fernando Gont (Mar 17)