[Firewall] IDS Functionality
Arno van Amersfoort
arnova at rocky.eld.leidenuniv.nl
Mon Feb 17 09:49:38 CET 2014
IDS isn't meant to protect against DoS-attacks of your server. It's hard
to protect against DoS-attacks, especially if they're distributed.
Syncookies help a bit, and properly configuring your webserver, but
that's about it I guess....
On 14-Feb-14 16:14, Gene Cooper wrote:
> Hi All,
> I hope this isn't a stupid question or one that's been answered already...
> I am in the process of upgrading a hosting platform to new hardware in a
> new datacenter. Basically, I'm talking about Virtualmin on CentOS 6
> bastion hosts (no forwarding).
> Last year, I had terrible problems with botnets. Still do. I had to
> get really ugly by making Apache throw errors at specific (rather
> benign) URLs and then using Fail2Ban to firewall off the IP addresses at
> the very first error. I had to add RAM and CPU and I still ended up
> with an under-performing web/mail server with many thousands of DROP
> rules. It was NOT fun and I had to spend too much time configuring a
> less than perfect solution.
> So, now that I'm upgrading, I wanted to ask if you all know of a better
> solution? Is there any easy-to-integrate-with-AFW IDS?