Re: protection against DDoS with Syn-Flood

[Stefan Kell <skba.opbsd@gmx.de>]

Hi Tony,

it seems that the attacker was quickly reacting and changing the attack.

Regards

Stefan Kell

On Tue, 1 Feb 2005, Tony Sarendal wrote:

> On Tue, Feb 01, 2005 at 05:59:07PM +0100, Stefan Kell wrote:
> > Hi folks,
> >
> > starting on monday, heise-online (http://www.heise.de), a wellknown german
> > newssite, is under a massive ddos attack with syn-flooding. As far as I
> > know, they are connected to the net with 100mbit/s via switches and load
> > balancers directly at the central de-cix node in Frankfurt. Their load
> > balancers crashed due to the heavy load according to heise-online.
> >
> > Question to the specialists here: could OpenBSD's syn-proxy feature handle
> > the situation better, especially without crashes? What parameters could be
> > optimized so that this load can be handled?
> >
>
> This depends on the nature of the attack and their network.
>
> Most DDOS attacks I deal with are in the region of 50-250kpps.
> I belive that an obsd box should be able to handle the lower region of these.
> I don't speak from experience though, as I can't use obsd or other
> free software for the situation I am in.
>
> I don't know any of the details of this attack, wasn't their provider
> able to sort it out ?
>
> /Tony S
>
> --
> ---
> Tony Sarendal - tony.sarendal@polarcap.org - sip:tony.sarendal@polarcap.org
> Cisco/Unix/Babies
> 	-= The scorpion replied,
> 		"I couldn't help it, it's my nature." =-