If you set that on the firewall, you will still be receiving an extremely large amount of data travelling to your website.

????

How would that be the case when the attacker is unable to complete a handshake?

Really simple would be to install pfsense and use pfblocker, or even subscribe to ThreatSTOP. An additional measure would be to use OpenDNS, which will prevent a botnet call-home.
 
You do not use a firewall to mitigate a DDoS attack, period. Firewalls are usually the first thing to choke in an attack, and mitigation has to be done before them, on dedicated devices with ASICs designed to perform only this function. They also have to have enough bandwidth (usually tens of Gigabits+) to absorb the attack before cleaning the inbound traffic. There is a reason these mitigation devices (and services using them) are freaking expensive: they are the only thing that can do the job. Lord Nikon6 is right - simple rules on a firewall will be sidestepped by a 12 year old script kiddie, and that's if the CPS or volume of traffic hasn't bombed your firewall before that.

As to your second statement - many firewalls run in L2 mode while doing L3+ inspection. They do not have to act as routers or gateways.
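To make the point above concrete, here is a small model, added here and not posted by anyone in the thread: it constructs a synthetic flood as per-packet records that a firewall rule already blocks, then compares what arrives on the uplink with what the firewall forwards. Every number (200 sources at 50 packets/s each, a 100 Mbit/s link, 1500-byte and 60-byte packets, one legitimate client) is an assumption chosen for illustration; the record format is made up and is not pfSense, pf or iptables log output.

```python
"""Constructed flood model: what a firewall 'block' rule changes and what it cannot.

All traffic figures are assumptions for illustration, not measurements.
"""
from collections import Counter, defaultdict

BITS_PER_BYTE = 8


def make_records(seconds=3, attack_sources=200, attack_pps_per_source=50,
                 attack_len=1500, legit_pps=100, legit_len=800):
    """Construct per-packet records (second, action, src, length_bytes).

    Assumed scenario: the flood comes from many sources that a firewall rule
    already 'block's; one legitimate client sends traffic the firewall 'pass'es.
    Packet sizes are nominal (1500 B for a volumetric flood, 60 B for a SYN).
    """
    records = []
    for sec in range(seconds):
        for i in range(attack_sources):
            src = f"198.51.100.{i % 254 + 1}"  # TEST-NET-2 addresses, constructed
            records.extend((sec, "block", src, attack_len)
                           for _ in range(attack_pps_per_source))
        records.extend((sec, "pass", "192.0.2.10", legit_len)
                       for _ in range(legit_pps))
    return records


def _bits_per_second(records, actions):
    bits = defaultdict(int)
    for sec, action, _src, length in records:
        if action in actions:
            bits[sec] += length * BITS_PER_BYTE
    return dict(bits)


def uplink_bits_per_second(records):
    """Everything delivered over the provider link, dropped later or not.

    The firewall's verdict does not enter into this: by the time it can
    decide to drop a packet, the packet has already consumed link capacity."""
    return _bits_per_second(records, {"block", "pass"})


def forwarded_bits_per_second(records):
    """What the firewall lets through; this is all a 'block' rule can reduce."""
    return _bits_per_second(records, {"pass"})


def saturated_seconds(records, link_mbps):
    """Seconds in which inbound traffic exceeds the link. In those seconds
    legitimate packets are lost upstream of the firewall whatever its rules say."""
    limit = link_mbps * 1_000_000
    return sorted(sec for sec, b in uplink_bits_per_second(records).items()
                  if b > limit)


def blocked_packets_per_second(records):
    """Packets the firewall must evaluate and drop each second. For SYNs this is
    the connection-per-second (CPS) load that exhausts a stateful device even
    when the link itself is nowhere near full."""
    return dict(Counter(sec for sec, action, _s, _l in records if action == "block"))


def top_talker_share(records):
    """Fraction of attack packets removed by blocking the single busiest source,
    i.e. the 'simple rule' that a distributed flood sidesteps."""
    per_src = Counter(src for _sec, action, src, _l in records if action == "block")
    if not per_src:
        return 0.0
    return max(per_src.values()) / sum(per_src.values())


if __name__ == "__main__":
    link_mbps = 100  # assumed customer uplink
    for name, recs in (("volumetric flood, 1500 B packets", make_records()),
                       ("SYN flood, 60 B packets", make_records(attack_len=60))):
        print(name)
        print("  uplink Mbit/s    :", {s: b / 1e6 for s, b in uplink_bits_per_second(recs).items()})
        print("  forwarded Mbit/s :", {s: b / 1e6 for s, b in forwarded_bits_per_second(recs).items()})
        print("  saturated seconds:", saturated_seconds(recs, link_mbps))
        print("  blocked pkt/s    :", blocked_packets_per_second(recs))
        print("  top talker share :", top_talker_share(recs))
```

Two things fall out of running it. With 1500-byte packets the link carries about 120 Mbit/s every second while the firewall forwards 0.64 Mbit/s, so the drop rule is working and the site is still down, which is why the cleaning has to happen upstream with more bandwidth than the attack. With 60-byte SYNs the link is fine (under 5 Mbit/s) but the firewall is handling 10,000 blocked attempts per second, and blocking the busiest single source removes half a percent of the flood.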

It sounds like the attack was a script kiddie attack and the service provider didn't even attempt any type of fundamental router or firewall mitigation.

BTW: Are you suggesting the service provider uses the latter? What is a firewall that uses L2 mode while doing L3+ inspection? Would that be an IDS like snort?
 
It sounds like the attack was a script kiddie attack and the service provider didn't even attempt any type of fundamental router or firewall mitigation.

This I can agree with.

????

How would that be the case when the attacker is unable to complete a handshake?

Sorry, I misspoke here. This was meant to be at the end of my post. The point I was trying to make is that a firewall will not stop all of the attacks.
 