Bugtraq mailing list archives
Re: DDOS Attack Mitigation
From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Fri, 11 Feb 2000 15:28:00 -0800
Some updates and suggestions made by others to my earlier comments.

Egress Filtering
----------------

Chris Brenton <cbrenton () sover net> reminded us of the flip coin of
ingress filtering, egress filtering. It can be used by networks connecting
to the Internet to make sure they are not a source of spoofed packets.
You can find information about it at:

http://www.sans.org/y2k/egress.htm

Spoofed Packet Tracing
----------------------

Chris also pointed out a presentation by Robert Stone from UUNET given
at NANOG on CenterTrack. CenterTrack is an overlay network that allows
you to easily determine the ingress network edge router of packets. This
makes it easy to track down the source of spoofed packets. You can find
the presentation slides at:

http://www.nanog.org/mtg-9910/robert.html

Network Auditing Tools
----------------------

David Brumley <dbrumley () rtfm stanford edu> pointed out there is at
least one other free scanning tool called RID that will detect the
presence of Trinoo, TFN, or Stacheldraht clients. You can find this
tool at:

http://theorygroup.com/Software/RID/

Axent has released an updated test for NetRecon to find hosts with
DDOS agents.

http://www2.axent.com/swat/News/nr30su1.htm

ISS's Internet Scanner 6.01 will find hosts with DDOS agents.

Intrusion Detection
-------------------

Axent has released an updated signature for NetProwler to detect
DDOS attacks and communication with the DDOS agents.

http://www2.axent.com/swat/3download_np.htm

ISS's RealSecure 3.2.1 will detect DDOS attacks and communication
with the DDOS agents.

The Obvious
-----------

Secure your machines. It won't stop you from being a victim of a DDOS
attack but it will stop someone using you as a launching point for the
attacks. You may be found liable if someone uses your network and hosts
to attack someone else.

Snake Oil
---------

You should also be aware there are a number of companies out there that
claim to have solutions to DDOS attacks that they will happily sell you.
You should be skeptical of anyone peddling a "silver bullet" solution.
Caveat emptor.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
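An added example, not part of the original post: the egress filtering rule described in the message, applied to outbound flow records so that the inside port sourcing spoofed packets stands out. The site prefixes, port names and flow records are constructed assumptions (documentation address ranges), not data from the thread.

```python
import ipaddress
from collections import defaultdict

# Assumption: the prefixes assigned to this site (RFC 5737 documentation ranges).
SITE_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample: (inside port, source IP, destination IP, packet count)
SAMPLE_FLOWS = [
    ("ge-0/0/1", "192.0.2.10", "203.0.113.5", 120),
    ("ge-0/0/2", "10.1.2.3", "203.0.113.80", 4000),
    ("ge-0/0/2", "172.16.9.9", "203.0.113.80", 3900),
    ("ge-0/0/2", "198.51.100.200", "203.0.113.80", 4100),  # outside the /25
    ("ge-0/0/3", "198.51.100.77", "203.0.113.9", 15),
    ("ge-0/0/3", "not-an-ip", "203.0.113.9", 1),           # malformed record
]


def egress_verdict(src, site_prefixes=SITE_PREFIXES):
    """Egress rule: permit only packets whose source is one of our own prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # an unparsable source can never match a site prefix
    return "permit" if any(addr in net for net in site_prefixes) else "drop"


def audit_outbound(flows, site_prefixes=SITE_PREFIXES):
    """Group egress-filter violations by inside port.

    Returns {port: {"packets": dropped packet total, "sources": set of bad sources}}.
    Many distinct out-of-prefix sources on one port point at a host to investigate.
    """
    report = defaultdict(lambda: {"packets": 0, "sources": set()})
    for port, src, _dst, packets in flows:
        if egress_verdict(src, site_prefixes) == "drop":
            report[port]["packets"] += packets
            report[port]["sources"].add(src)
    return dict(report)


if __name__ == "__main__":
    for port, stats in sorted(audit_outbound(SAMPLE_FLOWS).items()):
        print(port, stats["packets"], "packets from", len(stats["sources"]), "bad sources")
```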