nanog mailing list archives
Re: Mitigating HTTP DDoS attacks?
From: "Tim Yocum" <tim () yocum org>
Date: Mon, 24 Mar 2008 18:18:20 -0500
On Mon, Mar 24, 2008 at 5:18 PM, Roland Dobbins <rdobbins () cisco com> wrote:
There are devices available today from different vendors (including Cisco, full disclosure) which are intelligent DDoS-'scrubbers' and which can deal with more sophisticated types of attacks at layer-7, including HTTP and DNS. S/RTBH is also an option, keeping in mind some of the caveats you mentioned (staying mindful of attacking hosts behind proxies, botted hosts of legit customers, et. al.).
Citrix (Netscaler), F5 (BIG-IP), and as Roland mentioned, Cisco, all offer varying levels of security for the content layer. If you're running Apache, you may also investigate mod_evasive, and in the case of exploits, mod_security. Naturally, your ability to filter and contain the attack with software is going to be limited by the host hardware, so it's best to take a layered approach to mitigating various attacks you face. Also important to be aware of your network architecture lest you find yourself with DDoS bits clogging the pipes just before your (expensive) defenses. :-) - Tim
Current thread:
- Mitigating HTTP DDoS attacks? Mike Lyon (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Roland Dobbins (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Tim Yocum (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Roland Dobbins (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Tim Yocum (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Paul Vixie (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Mike Lewinski (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Barney Wolff (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Peter Dambier (Mar 25)
- Re: Mitigating HTTP DDoS attacks? Paul Wall (Mar 25)
- Re: Mitigating HTTP DDoS attacks? Roland Dobbins (Mar 24)
- RE: Mitigating HTTP DDoS attacks? Frank Bulk - iNAME (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Roland Dobbins (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Rodrick Brown (Mar 24)
- Re: Mitigating HTTP DDoS attacks? Steven M. Bellovin (Mar 25)