Re: can i use openBSD4.2 for prevention of DoS attacks
- To: advocacy_(_at_)_openbsd_(_dot_)_org
- Subject: Re: can i use openBSD4.2 for prevention of DoS attacks
- From: Han Hwei Woo <hhw_(_at_)_pce-net_(_dot_)_com>
- Date: Wed, 02 Jul 2008 15:56:27 -0700
It's important to differentiate what type of DoS attack you're referring
to. Whether it's a network traffic based DoS (bandwidth or pps), or a
software vulnerability based DoS makes a world of difference. The
patches you're referring to are probably based on software
vulnerabilities in OpenBSD itself, and can be exploited without a large
amount of traffic. To test the DoS vulnerability in software, you would
either need to code something up yourself to take advantage of the
vulnerability, or look for some proof of concept code that does it.

To stop remote software based DoS'es on other platforms using OpenBSD as
a router/firewall is a bit trickier. If the attack is on a legitimate
service that needs to be open, you'd need deep packet inspection. You
could use Hogwash, which makes use of Snort to do inline packet scrubbing.

As for traffic based attacks, there are single source DoS'es that can't
be stopped, just as there are DDoS'es that can be stopped easily. What
matters most is whether the attack traffic can be distinguished from
legitimate traffic, or whether your network/hardware/server can handle
the attack volume.

Of course, a single source DoS is easier to distinguish from legitimate
traffic, since you can just block the source IP, but some DDoS'es are
also easy enough to filter out based on protocol, port, etc.

OpenBSD/PF does a good enough job with smaller network attacks. Your
hardware, configuration, rule set, etc. will all affect how much
traffic your setup can handle. For larger attacks, you'll need
specialized hardware that makes use of ASICs instead of generic PC
hardware. For the really big attacks, there's nothing you can do
yourself, as the attack will need to be handled upstream by a DDoS
mitigation provider, like Ypigsfly http://www.ypigsfly.com .

-Han Hwei Woo
2008/7/2 kavitha reddy <dwaramkavithareddy_(_at_)_yahoo_(_dot_)_com>:
I am kavitha, working as Assoc. Prof. in a reputed engg. college, INDIA. I
would be very much glad if you can do this favour.
Very recently I bought openBSD 4.2 (pack of 3 CDs). Now, as a part of my
research work I am interested to know whether it is possible to show DoS
attacks in openBSD 4.1. If so, let me know how that can be possible. As you said,
when a patch is added to openBSD 4.2, it prevents remote DoS attacks. How can this
With your kind help, I can further continue my research work on this.
Anyhow, thanks for sparing your valuable time to read this.

Are you sure you want to prevent a DoS attack? Or a DDoS attack? As far as
I know, you can only prevent a DoS attack, but it is impossible to
prevent a DDoS attack within the system itself on any OS on the planet.
Also, the latest release of OpenBSD is 4.3, 4.2 is still being
maintained and 4.1 would have discontinued support.
You might get better answers by searching in the misc archive.
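
The reply above notes that a single-source flood can be stopped by blocking the source IP and that some attacks can be filtered by protocol and port. A pf.conf sketch of both ideas follows; it is an added example, not part of the original thread. The interface name, server address and thresholds are assumptions, and the syntax is that of the OpenBSD 4.x releases discussed here.

```pf
# Added example (constructed): em0, 192.0.2.10 and all limits are assumptions.
ext_if  = "em0"
web_srv = "192.0.2.10"

# Sources that exceed the per-source limits below are added here by PF.
table <abusers> persist

set block-policy drop

# Normalize fragments and malformed packets before filtering.
scrub in all

# Single-source case: once an address is in the table, drop it early.
block in quick on $ext_if from <abusers>

# Protocol/port case: default deny, so only the one legitimate
# service is reachable and everything else is filtered out.
block in on $ext_if all

# synproxy completes the TCP handshake on the firewall, so spoofed SYNs
# never reach the server. A source with more than 100 concurrent
# connections, or more than 15 new connections in 5 seconds, is moved to
# <abusers> and its existing states are flushed.
pass in on $ext_if proto tcp to $web_srv port 80 flags S/SA synproxy state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <abusers> flush global)

pass out on $ext_if keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it. As the reply says, this only helps while the firewall and its uplink can carry the attack volume; the per-source limits do nothing against a flood that saturates the link itself.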