nanog mailing list archives
Re: Mitigating HTTP DDoS attacks?
From: Barney Wolff <barney () databus com>
Date: Mon, 24 Mar 2008 20:09:45 -0400
On Mon, Mar 24, 2008 at 11:34:58PM +0000, Paul Vixie wrote:
> i only use or recommend operating systems that have their own host based firewalls. soon that will mean pf (from openbsd but available on freebsd) but right now that means ipfw. ipfw has a "table" construct which uses a data structure similar to the kernel's routing table. with a little bit of tuning, and using X86_64 to get more kernel memory map space than I386, i've listed every member of 60K-node botnets in a table whose only use is "if a SYN comes from here, silently drop it with no ICMP response". with more tuning work, a 200K-node botnet would pose no problem. we populate these tables with a perl script that watches the apache server's logfiles.
Even on an untuned fbsd i386, I had success with an ipfw table with well over 1e6 entries. What finally broke was doing a table list, possibly because the command prints in sorted order. No performance problems were observed at my limited volume of perhaps 30000 hits per day.

-- 
Barney Wolff
I never met a computer I didn't like.
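An added example, not code from this thread or from either poster: a Python sketch of the log-watching step described above, turning Apache access-log lines into `ipfw table ... add` commands while keeping its own record of what it has already listed, so it never needs to run a table list. The table number, the per-batch request threshold, the allowlist and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# The first field of an Apache common/combined log line is the client address.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')

TABLE = 1       # assumed ipfw table number
THRESHOLD = 3   # assumed: requests per batch before a source is listed

# Rule installed once by hand; 'deny' drops silently, 'setup' matches bare SYNs:
#   ipfw add deny tcp from 'table(1)' to me 80 setup


def client_ip(line):
    """Return the validated client IP of a log line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None  # hostname or garbage: never let it reach a command line


def new_block_commands(lines, already_blocked, allowlist=frozenset()):
    """Count hits per source and return ipfw commands for new offenders.

    already_blocked is updated in place, so the caller tracks table
    membership itself instead of asking ipfw to list a very large table.
    """
    hits = Counter(ip for ip in map(client_ip, lines) if ip)
    cmds = []
    for ip, count in sorted(hits.items()):
        if count < THRESHOLD or ip in already_blocked or ip in allowlist:
            continue
        already_blocked.add(ip)
        cmds.append(f"ipfw table {TABLE} add {ip}")
    return cmds


# Constructed sample log lines using documentation address ranges.
REQ = '- - [24/Mar/2008:20:00:01 -0400] "GET / HTTP/1.1" 200 512'
SAMPLE = (["192.0.2.10 " + REQ] * 4 + ["203.0.113.5 " + REQ] * 3
          + ["198.51.100.7 " + REQ, "bad.example;reboot " + REQ])

if __name__ == "__main__":
    blocked = set()
    for cmd in new_block_commands(SAMPLE, blocked, allowlist={"203.0.113.5"}):
        print(cmd)
```

The allowlist is there so that monitoring hosts or upstream proxies that legitimately exceed the threshold are never added to the drop table.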