Firewall Wizards mailing list archives

Re: Recent Attacks


From: Chris Cappuccio <chris () empnet com>
Date: Fri, 18 Feb 2000 18:13:43 -0800 (PST)

On 17 Feb 2000 blyonpop () theshell com wrote:

 | anything but.  I feel the dent caused by many of these attacks could
 | certainly be reduced with proper policy and I honestly do not think that
 | the sites under attack understand the dynamics involved in reducing the
 | damage of a DoS (distributed or not).  
 | 

The only thing that could prevent these types of attacks (or at least make
them practical to trace) is proper filtering on most all networks throughout
the Internet.  eBay's policy does not help when 800Mb+ of packets are coming
in from all directions.

I don't think it matters whether or not the sites involved understand the
dynamics of anything.  What dynamics?  You are getting flooded with packets.  
I'm sure with the money involved that these large attacked sites are able to
get adequate technical personnel and workable solutions.  See Cisco's
"Strategies for DDoS", which came out just recently:

http://www.cisco.com/warp/public/707/newsflash.html

I run a shell provider, and I've gotten several large (45M) smurf and syn
floods.  I think the real bones are when your upstream provider isn't
willing/able to do things like icmp rate limiting, (other versions exist for
syn and udp floods also), and when other networks (people) are uncooperative.  

-chris


