Re: OpenBSD and SYNFlood / DDoS protection

2008-07-19 Thread Ryan McBride
synproxy in pf already makes sure the 3-way handshake completes before the connection is completed on the other side; rate limiting can also be done on the OpenBSD firewall, so it's not clear why you would need an extra box there. The bigger problem with DDoS attacks is that the upstream pipe is

Re: OpenBSD and SYNFlood / DDoS protection

2008-07-19 Thread ropers
2008/7/19 Parvinder Bhasin [EMAIL PROTECTED]: This maybe dumb but won't hurt to throw this out there, maybe this has to be built with combination of tools, technologies etc but i would definately like to first collect as much info and then maybe work on this (or maybe the solution - open

Re: OpenBSD and SYNFlood / DDoS protection

2008-07-19 Thread Henning Brauer
* Ryan McBride [EMAIL PROTECTED] [2008-07-19 10:16]: The bigger problem with DDoS attacks is that the upstream pipe is filled up with traffic that was true in the 90s, and maybe the first half of this decade, but really isn't any more. Most server installs I have worked with have the pipe limit

Re: OpenBSD and SYNFlood / DDoS protection

2008-07-19 Thread Parvinder Bhasin
On Jul 19, 2008, at 1:26 AM, ropers wrote: 2008/7/19 Parvinder Bhasin [EMAIL PROTECTED]: This maybe dumb but won't hurt to throw this out there, maybe this has to be built with combination of tools, technologies etc but i would definately like to first collect as much info and then maybe work

Re: OpenBSD and SYNFlood / DDoS protection

2008-07-19 Thread ropers
On Jul 19, 2008, at 1:26 AM, ropers wrote: I don't mean to be impolite, but considering that these guys http://www.rayservers.com/ddos-protection are the first Google hit for firewall ddos protection openbsd (w/o quotation marks), it would seem to me that you maybe didn't Use Teh Google.

Re: OpenBSD and SYNFlood / DDoS protection

2008-07-19 Thread Henning Brauer
* Parvinder Bhasin [EMAIL PROTECTED] [2008-07-19 23:12]: Perhaps I didn't make it clear..maybe but yeah..I totally know that there are PAY solutions, like I mentioned that I know of many devices that can achieve this. I have done research on these devices and was thinking maybe something (

Re: OpenBSD and SYNFlood / DDoS protection

2008-07-19 Thread Parvinder Bhasin
On Jul 19, 2008, at 2:31 PM, ropers wrote: On Jul 19, 2008, at 1:26 AM, ropers wrote: I don't mean to be impolite, but considering that these guys http://www.rayservers.com/ddos-protection are the first Google hit for firewall ddos protection openbsd (w/o quotation marks), it would seem to me

Re: OpenBSD and SYNFlood / DDoS protection

2008-07-19 Thread Parvinder Bhasin
btw: Ropers Thanks for the link. On Jul 19, 2008, at 2:31 PM, ropers wrote: On Jul 19, 2008, at 1:26 AM, ropers wrote: I don't mean to be impolite, but considering that these guys http://www.rayservers.com/ddos-protection are the first Google hit for firewall ddos protection openbsd (w/o

OpenBSD and SYNFlood / DDoS protection

2008-07-18 Thread Parvinder Bhasin
This maybe dumb but won't hurt to throw this out there, maybe this has to be built with combination of tools, technologies etc but i would definately like to first collect as much info and then maybe work on this (or maybe the solution - open source is already out there , in that case I