Re: Mitigating HTTP DDoS attacks?

["Tim Yocum" <tim () yocum org>]

On Mon, Mar 24, 2008 at 5:18 PM, Roland Dobbins <rdobbins () cisco com> wrote:
>  There are devices available today from different vendors (including
>  Cisco, full disclosure) which are intelligent DDoS-'scrubbers' and
>  which can deal with more sophisticated types of attacks at layer-7,
>  including HTTP and DNS.  S/RTBH is also an option, keeping in mind
>  some of the caveats you mentioned (staying mindful of attacking hosts
>  behind proxies, botted hosts of legit customers, et. al.).

Citrix (Netscaler), F5 (BIG-IP), and as Roland mentioned, Cisco, all
offer varying levels of security for the content layer.

If you're running Apache, you may also investigate mod_evasive, and in
the case of exploits, mod_security.

Naturally, your ability to filter and contain the attack with software
is going to be limited by the host hardware, so it's best to take a
layered approach to mitigating various attacks you face. Also
important to be aware of your network architecture lest you find
yourself with DDoS bits clogging the pipes just before your
(expensive) defenses. :-)

- Tim