Bugtraq mailing list archives
Re: DDOS Attack Mitigation
From: ab () IVM NET (Andreas Busse)
Date: Wed, 16 Feb 2000 08:49:19 +0100
Hello all, On Tue, 15 Feb 2000, Darren Reed wrote:
It's good to see that ISP's around the world prefer to have $$ in the bank rather than a secure Internet. Little wonder that hacking is so prevalent.
I'd like to add that we (as a rather small german ISP) filter source addresses too, at least on most ports. I cannot count the number of refused packets per day, but it seems that source address filtering does _not_ lead into heavy processor load, even on relatively underpowered Cisco 4000 (not 4500 or 4700) routers. The reason is perhaps that people stop their attacks as soon they notice or at least guess that not a single packet reaches the target host. I do understand that filtering is not possible on DS3 or STM1 or even faster lines without overloading routers. But, if you filter near to source, ie. on the probably many different ports _behind_ the STM1, there is no need for filtering on high speed interfaces. Best regards, Andreas Busse -- IVM Gesellschaft fuer Internet, Vernetzung und Mehrwertdienste mbH Zissener Strasse 8 - D-53498 Waldorf - Fon 02636-9769-0 Fax 02636-9769-999 - http://www.ivm.net/ - info () ivm net Internet/Intranet Services, Consulting und Netzwerkloesungen
Current thread:
- Re: DDOS Attack Mitigation, (continued)
- Re: DDOS Attack Mitigation Ryan Russell (Feb 16)
- Administrivia Elias Levy (Feb 16)
- Re: DDOS Attack Mitigation John Payne (Feb 14)
- Re: DDOS Attack Mitigation Julien Nadeau (Feb 14)
- Re: DDOS Attack Mitigation Bennett Todd (Feb 15)
- rp_filter? (was Re: DDOS Attack Mitigation) Julien Nadeau (Feb 18)
- Re: DDOS Attack Mitigation Homer Wilson Smith (Feb 14)
- Re: DDOS Attack Mitigation Andrzej Bialecki (Feb 14)
- Re: DDOS Attack Mitigation Darren Reed (Feb 14)
- "Association of Responsible Internet Providers"? David Nesting (Feb 15)
- Re: DDOS Attack Mitigation Andreas Busse (Feb 15)
- Re: Evil Cookies. Ari Gordon-Schlosberg (Feb 08)
- Re: Evil Cookies. Michael Bryan (Feb 08)
- Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- Re: Statistical Attack Against Virtual Banks HC Security (Feb 08)
- Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- Re: Statistical Attack Against Virtual Banks HC Security (Feb 09)
- Re: Statistical Attack Against Virtual Banks Swift Griggs (Feb 09)
- Re: Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- SCO OpenServer SNMPD vulnerability NAI Labs (Feb 07)
- Re: Tempfile vulnerabilities Werner Koch (Feb 02)