nanog mailing list archives
Re: netfilter/iptables synproxy; need help deciding
From: Roland Dobbins <rdobbins () arbor net>
Date: Wed, 8 Oct 2014 22:35:51 +0700
On Oct 8, 2014, at 10:24 PM, Paige Thompson <paigeadele () gmail com> wrote:
> Re pp: 30-36 I think I catch your drift (ie: using cisco netflow to detect a synflood?) but would you care to summarize just in case because I am not this savvy, but would like to understand.
Yes, you can do that - there are plenty of open-source tools out there. But pay attention to the infrastructure and host BCPs in that preso, as well.
> Also in regards to snort inline, I've been trying to figure out whether or not Snort/DAQ/NFQ (netfilter) is appropriate or not.
Yes, you can use it as a super-ACL. Beyond that, reverse-proxy caches are useful, as well, as noted in the cited historical email.
----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön