From: "Bob Young" <bob at lavamail dot net>
> I'm not sure if WISP operators need to worry about DOS attacks or not?
> so, how do M0n0wall WISP operators here handle DOS attacks?
I had one not too long ago. First, you router is the wrong place to handle
it. This is because by the time it gets to you, it has already used your
bandwidth. You need to work with the provider. However, m0n0wall has very
good logs, so it is easier. During the attack, I had the providers NOC on
the phone. I would grab a chunk of logs and cut and past them in to a
spread sheet. Sort by IP address, and give ranges for the ISP to black hole
on his router.
> Maybe a separate firewall capable of fending off DOS attacks, should be
> in conjunction with M0n0wall?
Yes. The one in the NOC of your ISP. A DOS attack works by filling the pipe
between you and the ISP.
> Maybe I'm overly worried about DOS attacks and WISP operators don't run
> DOS attacks all that often?
Not too often... Commercial accounts with websites more often, but still