Hello,
My question is not really "Tomcat" specific but, as my Webapp is a
"Tomcat" Webapp, I thought I should post this question here.
Below is what I would like to ask you:
How do you usually protect your "Tomcat" servers and Webapps from (D)DOS
((Distributed) Denial-of-service) attacks?
At first, I thought I would be able to detect a user's "abnormal"
behavior (which is not straightforward by the way...)
and then block the user/the IP packets based on their source IP.
But then I found out about "IP spoofing" (changing the IP source in an
IP packet before sending it)...
So, here is another question: is there a way I could identify precisely
an "attacker" and block it?
I've been reading things on the Internet for several hours and I
couldn't find an answer to that question...
I've also been reading about "Deep packet inspection" (DPI) which would
(theoretically) allow one to detect "abnormal" packets but I don't really
know what to think about it...
Is it a technique you commonly use? Which tools can be used?
Do you have a security strategy/some advice that you can share with me?
I know this is a delicate question (and I am not a potential attacker :).
Thank you and best regards,
--
Léa Massiot