Archive for Thoughts

Nice


AQG


anti ddos

http://www.jebriggs.com/php/wordpress/?p=34

Worth a look if you are hosting some pages.

Blacklists during a DDOS? bah – no way. To quote Mark Pilgrim:

Savor this moment, folks. You can tell your children stories of how, back in the early days of weblogging, you could print out the entire spam blacklist on a single sheet of paper. Maybe with two or three columns and a smallish font, but still. Boy, those were the days.

And they won’t last. They absolutely won’t last. They won’t last a month. The domain list will grow so unwieldy so quickly, you won’t know what hit you. It’ll get so big that it will take real bandwidth just to host it. Keeping it a free download will make you go broke. Code is free, but bandwidth never will be. Do you have a business plan? You’ll need one within 6 months.

(from http://atomicplayboy.net/blog/2005/01/30/an-introduction-to-mod-security/)

I think the idea of examining the behaviour of the user agent, and determining whether it is a human or not by the timing pattern of server hits, is probably the only way to deal with a distributed attack, where you never know where the next one is coming from and, as Mark says, it is pointless to use blacklists.

It's discussed here: http://archive.cert.uni-stuttgart.de/suse-security/2004/11/msg00054.html

Some more relevant stuff:

http://www.netfilter.org/

(and a bit of background for netfilter before you jump in: http://en.wikipedia.org/wiki/Netfilter )

and to start the learning curve this is the Dog's Bollocks: http://iptables-tutorial.frozentux.net/iptables-tutorial.html

and some more techniques: http://www.webhostingtalk.com/showthread.php?t=236954
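The timing-pattern idea above, sketched as an added example (not code from this post or from any of the linked pages): it reads access-log lines, measures the gaps between each client's hits, and flags clients whose requests are both fast and metronome-regular. The log lines, addresses and thresholds are constructed for illustration and would need tuning against real traffic.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Common Log Format prefix: client, identity, user, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ')

def parse(lines):
    """Yield (client_ip, epoch_seconds) for each well-formed log line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than fail mid-incident
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        yield m.group(1), ts.timestamp()

def flag_automated(lines, min_hits=8, max_mean_gap=2.0, max_cv=0.25):
    """Return {ip: (hits, mean_gap, cv)} for clients with fast, regular hits.

    The thresholds are illustrative assumptions, not tuned values.
    """
    hits = defaultdict(list)
    for ip, t in parse(lines):
        hits[ip].append(t)
    flagged = {}
    for ip, times in hits.items():
        if len(times) < min_hits:
            continue  # too few samples to judge a timing pattern
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean_gap = statistics.fmean(gaps)
        # Coefficient of variation: near zero means machine-like regularity.
        # A burst inside one second (mean gap 0) is treated as fully regular.
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else 0.0
        if mean_gap <= max_mean_gap and cv <= max_cv:
            flagged[ip] = (len(times), round(mean_gap, 2), round(cv, 2))
    return flagged

def sample_log():
    """Constructed sample: one scripted client, one human-like client."""
    def line(ip, sec):
        stamp = f"30/Jan/2005:12:{sec // 60:02d}:{sec % 60:02d} +0000"
        return f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512'
    bot = [line("192.0.2.10", s) for s in range(12)]  # one hit per second
    human = [line("198.51.100.7", s) for s in (0, 1, 2, 3, 40, 41, 43, 95, 96, 140)]
    return bot + human + ["garbage line"]

if __name__ == "__main__":
    for ip, stats in flag_automated(sample_log()).items():
        print(ip, stats)
```

The human-like client also makes short bursts (a page plus its assets), which is why the check looks at the mean gap and its variation over the whole window rather than at any single pair of hits.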


the magna carta - or what's left of it
