Anti-DDOS alternatives

Looking for an alternative tool to replace Anti-DDOS? During the review of Anti-DDOS we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. iptables (network traffic filter)
  2. nftables (network traffic filtering)
  3. SCUTUM (ARP filtering)

These tools are ranked as the best alternatives to Anti-DDOS.

Alternatives (by score)

67

iptables

Introduction

The iptables tool is the userspace command line program part of the netfilter project. Since Linux 2.4 it is the standard packet filtering engine. Among standard traffic filtering, it can be used for Network Address Translation (NAT).

Project details

iptables is written in C.

Strengths and weaknesses

  • + The source code of this software is available
  • + Well-known tool

    Typical usage

    • Network traffic filtering

    iptables review

    67

    nftables

    Introduction

    nftables is supposed to replace netfilter as the primary interface of network filtering. It is available since Linux kernel 3.13. Both netfilter and nftables have been co-authored by Patrick McHardy.

    Project details

    nftables is written in C.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Network traffic filtering

      nftables review

      60

      SCUTUM

      Introduction

      The primary goal of this solution is to prevent ARP spoofing by other computers on the local network. It uses a whitelist and blocks all other systems sending possible malicious ARP requests (e.g. with spoofing attack).

      Project details

      SCUTUM is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available
      • - Full name of author is unknown

      Typical usage

      • Firewall management
      • Network traffic filtering

      SCUTUM review

      76

      vallumd

      Introduction

      This tool provides a centralized method to distribute ipset blacklists.

      Project details

      vallumd is written in C.

      Strengths and weaknesses

      • + The source code of this software is available

        vallumd review

        60

        Assimilator

        Introduction

        A tool like Assimilator can be of great help to 'normalize' all firewall rules into one place. Especially when a company uses different firewalls, each with their own syntax and specifics. Assimilator will then simplify the way firewall rules are created and managed.

        Project details

        Assimilator is written in Python.

        Strengths and weaknesses

        • + The source code of this software is available

          Typical usage

          • Network traffic filtering

          Assimilator review

          81

          Douane

          Introduction

          Douane is an application firewall that blocks unknown or unwanted traffic. It provides a more fine-grained filtering as it looks at the combination of application and used network ports. This is useful when allowing common browse traffic on port 80 and 443. Instead of all applications being able to use this port, only the ones that are granted access will be able to do so. When a new connection is not trusted yet, Douane will ask to allow or deny the traffic stream.

          Project details

          Douane is written in C, C++, GTK+.

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Network traffic filtering

            Douane review

            68

            pyknock

            Introduction

            Port knocking tools typically hide services from the outside world by requesting a 'secret'. This secret is like a special way of knocking on a door, to let others know you can be trusted. It does not replace a password or other method of authentication, yet adds another layer to it.

            Project details

            pyknock is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available
            • - No releases on GitHub available

            Typical usage

            • Network traffic filtering
            • System hardening

            pyknock review

            Some relevant tool missing as an alternative to Anti-DDOS? Please contact us with your suggestion.