Re: DDOS Attack Mitigation
From: ryan () SECURITYFOCUS COM (Ryan Russell)
Date: Wed, 16 Feb 2000 07:20:33 -0800
On Tue, 15 Feb 2000, Alan Brown wrote:
> On Sun, 13 Feb 2000, Darren Reed wrote:
> > You know if anyone was of a mind to find someone at fault over this,
> > I'd start pointing the finger at ISPs who haven't been doing this
> > due to "performance reasons".
>
> To be fair, if you do this on most terminal servers (e.g., Cisco 5300, Max
> 4000), they will collapse under the load.

How exactly are you configuring these things? You're not trying to do
filtering on a per-dialup or per-user basis, are you? You put one
outbound filter on the Ethernet or WAN interface that covers the dialup
address pool. Or on the next router out. All the ISPs I've seen (and
granted, it's only a few) have another router in front of the dialup
router.  Sure, dialup users will still be able to spoof at each other, but
I assume that's a much smaller concern.
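
Added example, not part of the original message: a small Python model of the single pool-wide filter described above, showing which spoofed sources it stops and which it cannot see. The pool address (an RFC 5737 documentation range), the packet tuples and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample value: a documentation range stands in for a real dialup pool.
DIALUP_POOL = ipaddress.ip_network("198.51.100.0/24")


def filter_verdict(assigned, claimed_src, dst, pool=DIALUP_POOL):
    """Verdict for one packet sent by the dialup user holding `assigned`.

    Models one filter on the Ethernet/WAN side of the dialup router (or on
    the next router out) that forwards only sources inside the pool.
    """
    src = ipaddress.ip_address(claimed_src)
    spoofed = src != ipaddress.ip_address(assigned)
    if ipaddress.ip_address(dst) in pool:
        # Dialup-to-dialup traffic never crosses the filtered interface.
        return "not-filtered-spoofed" if spoofed else "not-filtered"
    if src not in pool:
        return "dropped"
    # The source is inside the pool, so one pool-wide rule cannot tell
    # which user really holds that address.
    return "forwarded-spoofed-in-pool" if spoofed else "forwarded"


def summarize(packets, pool=DIALUP_POOL):
    """Count verdicts over (assigned, claimed_src, dst) tuples."""
    counts = {}
    for assigned, claimed_src, dst in packets:
        verdict = filter_verdict(assigned, claimed_src, dst, pool)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


# Constructed packets: (address assigned to the sender, source in header, destination)
SAMPLE_PACKETS = [
    ("198.51.100.10", "198.51.100.10", "203.0.113.5"),    # honest, outbound
    ("198.51.100.10", "192.0.2.77", "203.0.113.5"),       # outside source, outbound
    ("198.51.100.10", "198.51.100.99", "203.0.113.5"),    # neighbour's address, outbound
    ("198.51.100.10", "192.0.2.77", "198.51.100.20"),     # spoofed, to another dialup user
    ("198.51.100.10", "198.51.100.10", "198.51.100.20"),  # honest, to another dialup user
]

if __name__ == "__main__":
    for verdict, count in sorted(summarize(SAMPLE_PACKETS).items()):
        print(f"{verdict}: {count}")
```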