[Firewall] IDS Functionality

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Mon Feb 17 09:49:38 CET 2014


IDS isn't meant to protect against DoS-attacks of your server. It's hard
to protect against DoS-attacks, especially if they're distributed.
Syncookies help a bit, and properly configuring your webserver, but
that's about it I guess...

a.

On 14-Feb-14 16:14, Gene Cooper wrote:
> Hi All,
>
> I hope this isn't a stupid question or one that's been answered already...
>
> I am in the process of upgrading a hosting platform to new hardware in a
> new datacenter.  Basically, I'm talking about Virtualmin on CentOS 6
> bastion hosts (no forwarding).
>
> Last year, I had terrible problems with botnets.  Still do.  I had to
> get really ugly by making Apache throw errors at specific (rather
> benign) URLs and then using Fail2Ban to firewall off the IP addresses at
> the very first error.  I had to add RAM and CPU and I still ended up
> with an under-performing web/mail server with many thousands of DROP
> rules.  It was NOT fun and I had to spend too much time configuring a
> less than perfect solution.
>
> So, now that I'm upgrading, I wanted to ask if you all know of a better
> solution?  Is there any easy-to-integrate-with-AFW IDS?
>
> Suggestions?
>
> Thanks,
>
> G

