netfilter/iptables synproxy; need help deciding
Roland Dobbins
rdobbins at arbor.net
Wed Oct 8 15:35:51 UTC 2014
On Oct 8, 2014, at 10:24 PM, Paige Thompson <paigeadele at gmail.com> wrote:
> Re pp: 30-36 I think I catch your drift (i.e., using Cisco NetFlow to detect a synflood?) but would you care to summarize just in case, because
> I am not this savvy, but would like to understand.
Yes, you can do that - there are plenty of open-source tools out there.
But pay attention to the infrastructure and host BCPs in that preso, as well.
> Also in regards to snort inline, I've been trying to figure out whether or not Snort/DAQ/NFQ (netfilter) is appropriate or not.
Yes, you can use it as a super-ACL.
Beyond that, reverse-proxy caches are useful, as well, as noted in the cited historical email.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön