On Tue, 2010-03-16 at 07:53 +0000, gordon b slater wrote:
Hmm, the "hey! it's open source!" factor doesn't hold much sway in the network world, no-one will be amazed at that. Many observers are surprised at the amount of free software employed by ISPs and the like, but it's certainly no news to insiders.
Not to mention that it is only "open source for private non-commercial use only", and is crippled. Also, Obeseus doesn't seem to be any better than stuff I have made myself for my own usage and clients' usage. All it does is look at a pcap dump and analyze it. Obeseus is actually worse: it does not work in realtime, the data structures it uses are not suited to realtime detection, and in a DDoS, I think this could take several minutes to trigger appropriate events like IP nullroutes and ACLs etcetera. The best way to detect DDoS is to run a 30 second rolling average. If you're suddenly doing a gigabit inbound within 30 seconds of UDP traffic, you're probably being DDoSed ;).

William
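The 30-second rolling average William describes, written out as an added example (not code from the thread or from Obeseus). It assumes per-second inbound UDP byte counters, constructed inline here, and a 1 Gbit/s trigger; it also shows how many seconds into a flood the window takes to cross the threshold.

```python
from collections import deque

WINDOW_SECONDS = 30
THRESHOLD_BPS = 1_000_000_000  # 1 Gbit/s inbound UDP, the figure from the post


class RollingRateDetector:
    """Rolling average of inbound bits/sec over a fixed window of
    (timestamp, bytes-in-interval) samples, e.g. per-second counter deltas."""

    def __init__(self, window=WINDOW_SECONDS, threshold_bps=THRESHOLD_BPS):
        self.window = window
        self.threshold = threshold_bps
        self.samples = deque()  # oldest sample on the left
        self.total_bytes = 0

    def add(self, ts, nbytes):
        """Record one interval's byte count and return the current rolling rate."""
        self.samples.append((ts, nbytes))
        self.total_bytes += nbytes
        # Evict samples that have fallen out of the window.
        while self.samples and self.samples[0][0] <= ts - self.window:
            _, old = self.samples.popleft()
            self.total_bytes -= old
        return self.rate_bps()

    def rate_bps(self):
        # Always averaged over the full window, so a partially filled
        # window under-reports rather than alarming on the first sample.
        return self.total_bytes * 8 / self.window

    def alarm(self):
        return self.rate_bps() >= self.threshold


def build_samples():
    """Constructed counter deltas: 40 s of ~40 Mbit/s baseline, then a
    flood of 150 MB/s (1.2 Gbit/s) of inbound UDP starting at t=40."""
    baseline = [(t, 5_000_000) for t in range(0, 40)]
    flood = [(t, 150_000_000) for t in range(40, 80)]
    return baseline + flood


def first_alarm_time(samples, detector=None):
    """Feed samples in order; return the timestamp at which the rolling
    average first crosses the threshold, or None if it never does."""
    det = detector or RollingRateDetector()
    for ts, nbytes in samples:
        det.add(ts, nbytes)
        if det.alarm():
            return ts
    return None
```

With these constructed numbers the alarm fires at t=64, i.e. 25 seconds into the flood, which is the detection lag a 30-second window buys you in exchange for not alarming on a one-second burst.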