[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

netfilter/iptables synproxy; need help deciding

Subject: netfilter/iptables synproxy; need help deciding
From: rdobbins at arbor.net (Roland Dobbins)
Date: Wed, 8 Oct 2014 22:35:51 +0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On Oct 8, 2014, at 10:24 PM, Paige Thompson <paigeadele at gmail.com> wrote:

> Re pp: 30-36 I think I catch your drift (ie: using cisco netflow to detect a synflood?) but would you care to summarize just in case because
> I am not this savvy, but would like to understand.

Yes, you can do that - there are plenty of open-source tools out there.

But pay attention to the infrastructure and host BCPs in that preso, as well.

> Also in regards to snort inline, I've been trying to figure out whether or not Snort/DAQ/NFQ (netfilter) is appropriate or not. 

Yes, you can use it as a super-ACL.

Beyond that, reverse-proxy caches are useful, as well, as noted in the cited historical email.

----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- LaocoÃ¶n

References:
- netfilter/iptables synproxy; need help deciding
  - From: paigeadele at gmail.com (Paige Thompson)
- netfilter/iptables synproxy; need help deciding
  - From: rdobbins at arbor.net (Roland Dobbins)
- netfilter/iptables synproxy; need help deciding
  - From: paigeadele at gmail.com (Paige Thompson)

Prev by Date: netfilter/iptables synproxy; need help deciding
Next by Date: Unwanted Traffic Removal Service (UTRS)
Previous by thread: netfilter/iptables synproxy; need help deciding
Next by thread: netfilter/iptables synproxy; need help deciding
Index(es):
- Date
- Thread