Carl Johnson on 14 Mar 2011 21:15:25 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] DoS protection

implementing syn cookies might help some in addition to the IDS you

On Mon, 2011-03-14 at 12:40 -0500, Jeff Bailey wrote:
> Hey all...
> I'm curious as to whether anyone has any input on methods of Denial of Service attack protection, specifically for an exposed DNS server.
> I've been looking at snort and bro, but was wondering what anyone's input would be...  Are there any other options?
> Is this something that can (or "should") be handled more simply by iptables?  One of my potential issues with snort is that it looks like there might be a lot of tuning involved - these will be deployed at customer sites, and I'm not confident that we''ll have the ability to do that tuning for them, nor that they'll have the desire/ability to do it themselves.  I'm hoping to find something that's a little more "plug and play", if such a thing exists.
> Thanks for any input....
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> Announcements -
> General Discussion  --

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --