[Firewall] IDS Functionality

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Mon Feb 17 09:49:38 CET 2014

IDS isn't meant to protect against DoS-attacks of your server. It's hard 
to protect against DoS-attacks, especially if they're distributed. 
Syncookies help a bit, and properly configuring your webserver, but 
that's about it I guess...


On 14-Feb-14 16:14, Gene Cooper wrote:
> Hi All,
> I hope this isn't a stupid question or one that's been answered already...
> I am in the process of upgrading a hosting platform to new hardware in a
> new datacenter.  Basically, I'm talking about Virtualmin on CentOS 6
> bastion hosts (no forwarding).
> Last year, I had terrible problems with botnets.  Still do.  I had to
> get really ugly by making Apache throw errors at specific (rather
> benign) URLs and then using Fail2Ban to firewall off the IP addresses at
> the very first error.  I had to add RAM and CPU and I still ended up
> with an under-performing web/mail server with many thousands of DROP
> rules.  It was NOT fun and I had to spend too much time configuring a
> less than perfect solution.
> So, now that I'm upgrading, I wanted to ask if you all know of a better
> solution?  Is there any easy-to-integrate-with-AFW IDS?
> Suggestions?
> Thanks,
> G
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
