[Tfug] (D)DoS countermeasures
Bexley Hall
bexley401 at yahoo.com
Sun May 12 18:33:25 MST 2013
Hi,
To be clear, I can't protect against (D)DoS attacks anywhere
"upstream" of the first "smart" exposed interface. I.e.,
a router, bastion host, etc. -- something that can filter and
discard the offending traffic.
And, regardless, I can do nothing to impact *incoming* bandwidth
upstream of that point. (I.e., if the link is saturated with
adversarial traffic, nothing *I* might want can get through...
including replies to outbound service requests!).
Bottom line, all I can do is protect *within* this secured
portion of the network (?). And, push smarts out to the fringe
to keep the cruft from having *any* impact on internal operations.
--don
More information about the tfug
mailing list