[EAS] [BC] EAS Zombie Attack Solution?

Alex Hartman goober at goobe.net
Wed Feb 13 00:13:42 CST 2013


That kind of list would be very useful, but I think that the boxes are
a wee bit underpowered for that capability. All except the DASDEC, I
believe, do not have enough horsepower to have a table of 100,000+ IP
addresses to keep track of, which would be a very small number in the
grand scheme considering how many IPs/servers SORBS and other RBL lists
handle in a given day. It would also put a bit of a strain on the end
user's network to keep updating such a file, I'd think. Which is why
SORBS and RBLs are kept at the server level, not the end-user level.
(Though I do know a few end users who are hardcore enough to do so.)

I do believe, though, that the DASDECs (as was mentioned on another
list) do send a login/attack attempt email to the admin user and do
create a blacklist/banlist (simple iptables, I'd assume). I'm not aware
of any other box, however, that does that function. My Sage does not.
Not even sure about any of the converters like the TFT.

However, if you have a moderate firewall (not just a router in the
corner), the firewall would be able to handle such a list quite
easily, and most do out there today. I use pfSense on my stuff,
running on throw-away P4 3.2 GHz HP desktops. Handles 90+ users daily
with no issue. (It used to be an old Celeron 700, but I started doing
anti-virus and SpamAssassin, which over-taxed the CPU, thus the
upgrade.) pfSense also does VPN, handles NAT/PAT/etc. Best of all, it's
free... caveat emptor, however: it does require a little bit of
know-how in BSD and understanding kernel mode tweaking to be highly
effective, not just another Linksys.

DDoSes still have to be bit bucketed by your upstream provider however. :/

--
Alex Hartman
 
 


