mailing list archives
Re: DDOS Attack Mitigation
From: carson () TLA ORG (Carson Gaspar)
Date: Tue, 15 Feb 2000 19:03:58 -0500
"Alan" == Alan Brown <alan () MANAWATU GEN NZ> writes:
Alan> On Sun, 13 Feb 2000, Darren Reed wrote:
You know if anyone was of a mind to find someone at fault over this,
I'd start pointing the finger at ISP's who haven't been doing this
due to "performance reasons".
Alan> To be fair, if you do this on most terminal servers (eg, Cisco 5300, Max
Alan> 4000), they will collapse under the load.
What!? What did you try, applying ACLs to every modem line?
A _sufficient_ defense is to apply an outbound access list on the
network interface of the terminal server, permiting sources of all subnets
served by that terminal server and denying all other source IP
addresses. This is a _very_ small ACL, and it's fast-path. If that's enough
to cause the router to collapse, it had zero headroom to start with, and was
about to become a boat anchor.
Carson Gaspar -- carson () tla org carson () cs columbia edu carson () cugc org
Queen Trapped in a Butch Body