netfilter/iptables synproxy; need help deciding

Roland Dobbins rdobbins at arbor.net
Wed Oct 8 15:35:51 UTC 2014


On Oct 8, 2014, at 10:24 PM, Paige Thompson <paigeadele at gmail.com> wrote:

> Re pp. 30-36: I think I catch your drift (i.e., using Cisco NetFlow to detect a SYN flood?), but would you care to summarize just in case, because
> I am not this savvy but would like to understand.

Yes, you can do that - there are plenty of open-source tools out there.

But pay attention to the infrastructure and host BCPs in that preso, as well.

> Also, in regard to Snort inline, I've been trying to figure out whether Snort/DAQ/NFQ (netfilter) is appropriate.

Yes, you can use it as a super-ACL.

Beyond that, reverse-proxy caches are useful, as well, as noted in the cited historical email.

----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön
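The "detect a SYN flood from flow records" idea asked about above, as an added example that is not part of the original thread and not one of the open-source tools Roland alludes to: a minimal heuristic over nfdump-style TCP flow records. A flow whose cumulative flags contain SYN but never ACK, and which carried only one or two packets, is a half-open attempt; when one destination port collects many such flows from many distinct sources and they dominate its traffic, it is flagged. The record layout, thresholds and sample records are all constructed for this example.

```python
"""SYN-flood heuristic over NetFlow-style records (hypothetical example, not a
NANOG or vendor tool). Record layout assumed for this example:
    <timestamp> <proto> <src>:<sport> -> <dst>:<dport> <flags> <packets> <bytes>
where <flags> uses the nfdump convention, e.g. "....S." or ".AP.SF".
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    flags: str      # cumulative TCP flags seen in the flow
    packets: int


def parse_flow(line):
    """Return a Flow for a TCP record, or None for other protocols."""
    ts, proto, src, arrow, dst, flags, packets, nbytes = line.split()
    if proto != "TCP":
        return None
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return Flow(src_ip, dst_ip, int(dport), flags, int(packets))


def is_half_open(flow):
    """SYN seen, no ACK ever seen, and almost no packets: the handshake never completed."""
    flags = flow.flags.upper()
    return "S" in flags and "A" not in flags and flow.packets <= 2


def syn_flood_candidates(lines, min_half_open=20, min_ratio=0.8, min_sources=10):
    """Group flows by (dst, dport) and flag targets where half-open flows dominate.

    Thresholds are illustrative; tune them to the baseline of the network in question.
    Returns {(dst, dport): {"half_open", "flows", "ratio", "sources"}}.
    """
    per_target = defaultdict(lambda: {"flows": 0, "half_open": 0, "sources": set()})
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        stats = per_target[(flow.dst, flow.dport)]
        stats["flows"] += 1
        if is_half_open(flow):
            stats["half_open"] += 1
            stats["sources"].add(flow.src)   # many distinct sources => spoofed or distributed

    results = {}
    for key, s in per_target.items():
        ratio = s["half_open"] / s["flows"]
        if (s["half_open"] >= min_half_open and ratio >= min_ratio
                and len(s["sources"]) >= min_sources):
            results[key] = {"half_open": s["half_open"], "flows": s["flows"],
                            "ratio": round(ratio, 2), "sources": len(s["sources"])}
    return results


def constructed_flows():
    """Constructed sample records: one flooded web server, one healthy HTTPS server."""
    lines = []
    # 40 half-open flows from 40 distinct (spoofed) sources to 203.0.113.10:80
    for i in range(40):
        lines.append(f"2014-10-08T15:30:{i % 60:02d} TCP 198.51.100.{i + 1}:{40000 + i} "
                     f"-> 203.0.113.10:80 ....S. 1 60")
    # 4 completed sessions to the same port (legitimate clients that got through)
    for i in range(4):
        lines.append(f"2014-10-08T15:30:{i:02d} TCP 192.0.2.{i + 1}:{50000 + i} "
                     f"-> 203.0.113.10:80 .AP.SF 14 9120")
    # 30 ordinary completed HTTPS sessions to 203.0.113.20:443
    for i in range(30):
        lines.append(f"2014-10-08T15:31:{i % 60:02d} TCP 192.0.2.{i + 1}:{51000 + i} "
                     f"-> 203.0.113.20:443 .AP.SF 22 14000")
    # a UDP record, which the parser skips
    lines.append("2014-10-08T15:30:05 UDP 192.0.2.9:53 -> 203.0.113.20:53 ...... 2 180")
    return lines


if __name__ == "__main__":
    for target, stats in syn_flood_candidates(constructed_flows()).items():
        print(f"possible SYN flood against {target[0]}:{target[1]}: {stats}")
```

Two caveats a practitioner would want: sampled NetFlow (e.g. 1:1000) will undercount half-open flows, so the absolute threshold must be scaled by the sampling rate, and a busy server under a legitimate traffic spike also shows many short flows, which is why the ratio and distinct-source checks are combined rather than relying on a flow count alone.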



