
Re: protection against DDoS with Syn-Flood



On Tue, 1 Feb 2005 17:59:07 +0100 (CET)
Stefan Kell <skba.opbsd@gmx.de> wrote:

> Hi folks,
> 
> starting on Monday, heise-online (http://www.heise.de), a well-known
> German news site, is under a massive DDoS attack with SYN flooding.

It's just a new kind of a "letter to the editor". :)))

> As far as I know, they are connected to the net with 100mbit/s via
> switches and load balancers directly at the central de-cix node in
> Frankfurt. Their load balancers crashed due to the heavy load
> according to heise-online.

Hip hip hooray... (and no, I'm not involved in this action, but I dislike the
spelling mistakes even in their magazines (which are expensive!)).

> Question to the specialists here: could OpenBSD's syn-proxy feature
> handle the situation better, especially without crashes? What
> parameters could be optimized so that this load can be handled?

The SYN-Proxy handled it perfectly for me.
A little server (Athlon 650 MHz, 192 MB RAM) handled a DDoS which included
some thousands of bots without problems (for about 6 weeks).

Okay, I don't know how many broadband connections were used, but I
noticed several university PCs.

But the SynProxy is really nice (thanks for that @OpenBSD).

And the DDoS is just a reaction to the articles, including the new iX.
I'm sure some gray- and blackhats disliked it strongly. (Just a clue...)

Btw. if the admin @heise would just think about the situation, he
would have solved it yesterday.
How many people read heise.de outside of Germany/Austria/Switzerland?
IP blocking would solve most things, and maybe also a better
server configuration. I'm sure the DDoS is just the beginning.

> Thanks for your answers

No problem.
OpenBSD 3.5 was able (without a crash) to handle a DDoS using several
thousand bots. So I'm sure it would help heise.de also.

> Stefan Kell

Friendly greetings,
Rembrandt

ps.:
Heise is "proud" to write articles on how to fight hackers, so I'm
sure they'll solve it with their 20 Linux servers + 1 Sun box.
Btw: Did you ever read an article there like "News in the
Open/Free/NetBSD-Kernel X.X?". They write about Linux, they use Linux,
they should handle it with Linux... or fail like they do now. :))
But if they ever would start using OpenBSD for their firewalls and
servers, I'm sure they could also spend some money on the project.
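
Added example, not part of the original message and not the poster's configuration: a minimal pf.conf fragment showing the two measures mentioned above, the SYN proxy and IP blocking, on an OpenBSD firewall in front of a web server. The interface name, the server address (documentation range), the state limit and the table file path are assumptions.

```pf
# --- macros (assumed values) ---
ext_if = "fxp0"            # external interface, hypothetical
web    = "192.0.2.10"      # web server behind the firewall, documentation address

# --- tables ---
# Address ranges to drop outright; the file is maintained by the admin.
table <blocked> persist file "/etc/pf.blocked"

# --- options ---
# Room in the state table for legitimate connections (assumed figure).
set limit states 50000

# --- filter rules ---
block in on $ext_if all
block in quick on $ext_if from <blocked> to any

# Weak form: with "keep state" every SYN, spoofed or not, is forwarded
# to the web server, which has to hold the half-open connection itself.
# pass in on $ext_if proto tcp from any to $web port 80 flags S/SA keep state

# SYN proxy form: pf answers the SYN itself and only opens a connection
# to the web server after the client has completed the three-way
# handshake, so spoofed SYNs never reach the server.
pass in on $ext_if proto tcp from any to $web port 80 flags S/SA synproxy state

pass out on $ext_if proto tcp all flags S/SA keep state
```

"synproxy state" includes the behaviour of "keep state" and "modulate state", and it does not work when pf runs on a bridge. Load the file with "pfctl -f /etc/pf.conf" after a syntax check with "pfctl -nf /etc/pf.conf".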
