Re: Diff ways to prevent DoS and DDoS

[_ <packetnull () gmail com>]

to add on this DoS/DDoS/DRDoS are usually based on timing and amount of connections ACL's are a first line of defense.  
Nasty little buggers they are attackers will try to "deny" service from layers 3 to 7. thats why security folks come up 
with new fancy terms like NGFW's same thing bonded together



On Apr 24, 2012, at 3:58 PM, "David Gillett" <gillettdavid () fhda edu> wrote:

> From: Don Thomas [mailto:don.thomasjacob () gmail com] wrote:
>
> > 1st you need to think beyond your network firewalls and ACL on the router.
> Firewalls and ACL can never stop DoS attacks as they can stop only
> information you have asked it
> > to stop.
>
>  Ooops.  You've provided no argument that establishes that we cannot ask
> firewalls or ACLs to block DoS/DDoS attacks....
>
>  There *are* two relevant limitations of firewalls and ACLs, but they're
> not what you suggest here:
>
> 1.  Firewalls and ACLs effectively classify traffic into three categories:
> known good, known bad, and unknown.  They may have to base this
> categorization on inadequate information -- for instance, to an ACL there's
> no easy way to distinguish a simple ping from a ping-of-death.  Sometimes
> the only real difference between legitimate traffic and a DoS/DDoS is the
> rate of such traffic; ACLs provide no way to specify this, and not all
> firewalls do either...
>
> 2.  A firewall or ACL can only act on traffic that reaches the location
> where it is implemented.  In some cases, a DoS/DDoS attack may do its damage
> before reaching that point.  For instance, a trivial brute-force bandwidth
> consumption attack will probably manage to saturate the ISP connection
> regardless of whether it is blocked once it arrives at the target's site.
>
>  Disproof by counterexample: My ACLs block some specific DoS attacks that
> used to knock us off the Internet routinely.
>
> David Gillett, CISSP CCNP
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------