On Jul 23, 2010, at 11:50 AM, Jeff Jennings wrote:

> My goal is to use the features of ossec to identify and block dos attacks.
>
> They are coming in the form of http requests

Right, but a given DOS attack can be aimed at a multitude of targets. For instance, the DOS can simply flood the system intending to overload the server itself through cpu and/or memory resource exhaustion. Or, the attacker can be aiming at filling up your internet feed. You have to deal with these attacks in different ways.

The former may be mitigated through simple iptables rules to prevent the request from hitting your webserver process. For the latter, you typically have to get an upstream involved to help mitigate the attack.

That said, there are existing rules that will automatically detect some of these attacks and you can use active-response to insert firewall rules automatically.

---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
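
The active-response approach mentioned in the reply above, as an added configuration sketch that is not part of the original message: a local correlation rule that fires on a burst of HTTP requests from one source, tied to OSSEC's stock `firewall-drop.sh` script. The rule ID 100100, the frequency/timeframe thresholds, the 600-second timeout and the whitelisted address are assumed values to tune for your own traffic; 31100 is the stock parent rule for web access logs.

```xml
<!-- rules/local_rules.xml : constructed example rule, ID and thresholds are assumptions -->
<group name="local,web,accesslog,">
  <!-- Correlate access-log events (parent rule 31100) by source IP
       inside a 10-second window and raise one level-10 alert. -->
  <rule id="100100" level="10" frequency="50" timeframe="10">
    <if_matched_sid>31100</if_matched_sid>
    <same_source_ip />
    <description>HTTP request flood from a single source IP.</description>
    <group>dos,</group>
  </rule>
</group>

<!-- etc/ossec.conf : fragments that belong inside <ossec_config> -->
<global>
  <!-- Never block these sources (monitoring hosts, proxies, yourself).
       192.0.2.10 is a documentation address used as a placeholder. -->
  <white_list>127.0.0.1</white_list>
  <white_list>192.0.2.10</white_list>
</global>

<!-- Command definition for the bundled iptables wrapper script.
     The default ossec.conf normally ships this already. -->
<command>
  <name>firewall-drop</name>
  <executable>firewall-drop.sh</executable>
  <expect>srcip</expect>
  <timeout_allowed>yes</timeout_allowed>
</command>

<!-- Run firewall-drop on the agent that saw the flood, only for the
     local rule above, and remove the block after 600 seconds. -->
<active-response>
  <command>firewall-drop</command>
  <location>local</location>
  <rules_id>100100</rules_id>
  <timeout>600</timeout>
</active-response>
```

This only helps with the first case described in the reply (requests exhausting the server); a flood that saturates the link still has to be filtered upstream. If clients reach the server through a shared proxy or NAT, the per-source threshold needs to be raised or those addresses whitelisted, since a block applies to everyone behind that address.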
