Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: DDOS Attack Mitigation
From: abial () WEBGIRO COM (Andrzej Bialecki)
Date: Mon, 14 Feb 2000 22:21:46 +0100


On Sun, 13 Feb 2000, Darren Reed wrote:

In some mail from Elias Levy, sie said:
[...]
Network Ingress Filtering:
--------------------------

All network access providers should implement network ingress filtering
to stop any of their downstream networks from injecting packets with
faked or "spoofed" addressed into the Internet.

Although this does not stop an attack from occurring it does make it
much easier to track down the source of the attack and terminate it
quickly.

For information on network ingress filtering read RFC 2267:
http://info.internet.isi.edu/in-notes/rfc/files/rfc2267.txt

You know if anyone was of a mind to find someone at fault over this,
I'd start pointing the finger at ISP's who haven't been doing this
due to "performance reasons".  They've had the ability to do it for
years and in doing so would seriously reduce the number and possibility
of "spoofing" attacks.

Well, I worked at such ISP. The issue was really simple: given the choice
between:

putting a Cisco 25xx for $x000 and hope that we can deal with the
problem when/if the customers start misbehaving, or

putting a Cisco 47xx for $x0000, and possibly never experience the
problem, but having spent awful lot of money

the decision to select the former had its firm economic ground, don't you
think?

Andrzej Bialecki

//  <abial () webgiro com> WebGiro AB, Sweden (http://www.webgiro.com)
// -------------------------------------------------------------------
// ------ FreeBSD: The Power to Serve. http://www.freebsd.org --------
// --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault