Security Basics mailing list archives
RE: Preveting DDOS Syn floods on HTTP servers
From: "Shaun Sturby, MCSE Optrics Engineering" <Shaun () Optrics com>
Date: Mon, 8 Mar 2004 13:30:44 -0700
Hello, <Disclaimer> I work for a consulting firm that sells and supports this type of solution. This has been done, at least for the larger sites (Learn Key, Rapattoni, Belo Interactive, SingTel, Brylane, SEVEN and NetZero to name a few) using a purpose built web accelerator from NetScaler. The idea is that all SYN requests get handled by the NetScaler and it hands back to the requesting zombie a ticket that a legitimate client will return to the server. Only after the ticket is returned does the NetScaler then forward on that request to the web server. All SYN flood requests are dropped by the NetScaler and never get to your server to impact performance. The NetScaler also handled HTTP Get Flood DDOS's using a similar technology. There is some additional information and whitepapers available (Registration required or contact me off list) at the main NetScaler website. http://www.netscaler.com Shaun, Manager of Technical Resources Optrics Engineering. -----Original Message----- From: nabi1 () securology org [mailto:nabi1 () securology org] Sent: Friday, March 05, 2004 6:16 AM To: security-basics () securityfocus com Subject: Preveting DDOS Syn floods on HTTP servers Importance: High Dear list, I was wondering if it was possible for a HTTP servers to prevent DDOS syn floods, attacks from different IP's, like a attack from a IRC network or something like that. Some people say it's impossible and some say it's possible, so I wonder if someone can give me the right answer, and if it's possible, how to do it? ___________________________________ NOCC, http://nocc.sourceforge.net _____________________________________________________________ IMail Server has scanned this e-mail for Viruses and SPAM using Declude Virus & Declude Junkmail available from www.Optrics.com --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Preveting DDOS Syn floods on HTTP servers nabi1 (Mar 08)
- RE: Preveting DDOS Syn floods on HTTP servers Shaun Sturby, MCSE Optrics Engineering (Mar 08)
- Re: Preveting DDOS Syn floods on HTTP servers jamesworld (Mar 09)
- RE: Preveting DDOS Syn floods on HTTP servers Aditya, ALD [Aditya Lalit Deshmukh] (Mar 10)
- Re: Preveting DDOS Syn floods on HTTP servers Fernando Gont (Mar 17)
- <Possible follow-ups>
- RE: Preveting DDOS Syn floods on HTTP servers MARTIN M. Bénoni (Mar 09)
- RE: Preveting DDOS Syn floods on HTTP servers Fernando Gont (Mar 17)