Depends on the attack itself? are you worried about syn flood type attacks, on the tcp port itself?
or are you worried about ssl attacks that go through with ssl negotiation and simply strive to consume processing resources? the former has several solutions, including firewalls. the later is not as easy to protect yourself against. using honking big h/w accelerators is one solution. I don't know of any s/w solutions. -lee > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Neil Humphreys > Sent: Tuesday, August 19, 2003 2:24 PM > To: [EMAIL PROTECTED] > Subject: Re: OpenSSL denial of service > > > Shawn, > > Thanks for the response. > > It's a lovely thought, but it's not as simple as sticking in > a firewall I am > afraid .. that leaves > me open to attacks that can't be blocked by the firewall .. > such as attacks from inside the firewall, or attacks from > outside that use > the correct port and appear to come from a valid IP address (unless I > block tcp connections from the internet zone, which I cannot do). > > I was just wondering if anyone did anything to reduce the > impact of high > volume brute force attacks against the listening socket, that > cannot be > blocked in any trivial way (such as the firewall). > > I take it the answer's "no" then. > > > ----- Original Message ----- > From: "Shawn P. Stanley" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, August 18, 2003 9:38 PM > Subject: Re: OpenSSL denial of service > > > > I use a firewall, myself. > > > > On 8/18/03 3:08 PM, "Neil Humphreys" <[EMAIL PROTECTED]> wrote: > > > > > Hi > > > Has anyone got any good examples / advice / tricks for > reducing the > impact of > > > denial-of-service attacks on an SSL listening socket? > > > > > > cheers > > > Neil > > > > > > > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
