| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Jun 2011 18:46:19 -0700 From: coderman <coderman@...il.com> To: ±è¹«¼º <kimms@...osec.co.kr> Cc: full-disclosure@...ts.grok.org.uk, pen-test@...urityfocus.com Subject: Re: how to detect DDoS attack through HTTP response analysis(throuput) 2011/6/29 ±è¹«¼º <kimms@...osec.co.kr>: > You don't understand my question. > > I'm studying and researching about solution of DDoS detection through > analysis of HTTP responses... i implied that this is less than useful on actual systems than in theory / lab. if you want to gather useful details you need to instrument analysis of HTTP requests/responses individually - just culling logs or counting netflows won't cut it. for example, measuring long requests at a front-end proxy (haproxy, nginx, other) separate from measuring the application request/response relayed to backend. measuring SSL session establishment, resumption separate from HTTP requests within that session. measuring TCP congestion control over which HTTP requests are sent. etc, etc... the list of papers / sources covering large-scale network and application performance tuning for the web is too large to list here. good luck! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists