Re: DDOS Attack Mitigation

[ab () IVM NET (Andreas Busse)]

Hello all,

On Tue, 15 Feb 2000, Darren Reed wrote:

> It's good to see that ISP's around the world prefer to have $$ in the bank
> rather than a secure Internet.  Little wonder that hacking is so prevalent.

I'd like to add that we (as a rather small german ISP) filter source
addresses too, at least on most ports. I cannot count the number
of refused packets per day, but it seems that source address filtering
does _not_ lead into heavy processor load, even on relatively
underpowered Cisco 4000 (not 4500 or 4700) routers. The reason is
perhaps that people stop their attacks as soon they notice or at
least guess that not a single packet reaches the target host.

I do understand that filtering is not possible on DS3 or STM1 or even
faster lines without overloading routers. But, if you filter near to
source, ie. on the probably many different ports _behind_ the STM1,
there is no need for filtering on high speed interfaces.

Best regards,
Andreas Busse

--

IVM Gesellschaft fuer Internet, Vernetzung und Mehrwertdienste mbH
    Zissener Strasse 8 - D-53498 Waldorf - Fon 02636-9769-0
    Fax 02636-9769-999 - http://www.ivm.net/ - info () ivm net
  Internet/Intranet Services, Consulting und Netzwerkloesungen