Bugtraq mailing list archives

Re: DDOS Attack Mitigation


From: carson () TLA ORG (Carson Gaspar)
Date: Tue, 15 Feb 2000 19:03:58 -0500


"Alan" == Alan Brown <alan () MANAWATU GEN NZ> writes:

Alan> On Sun, 13 Feb 2000, Darren Reed wrote:
You know if anyone was of a mind to find someone at fault over this,
I'd start pointing the finger at ISP's who haven't been doing this
due to "performance reasons".

Alan> To be fair, if you do this on most terminal servers (eg, Cisco 5300, Max
Alan> 4000), they will collapse under the load.

What!? What did you try, applying ACLs to every modem line?

A _sufficient_ defense is to apply an outbound access list on the
network interface of the terminal server, permitting sources of all subnets
served by that terminal server and denying all other source IP
addresses. This is a _very_ small ACL, and it's fast-path. If that's enough
to cause the router to collapse, it had zero headroom to start with, and was
about to become a boat anchor.

--
Carson Gaspar -- carson () tla org carson () cs columbia edu carson () cugc org
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
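The egress anti-spoofing filter Carson describes, worked through as an added example (not code from the post or from either ISP): one permit entry per subnet the terminal server serves, followed by an explicit logged deny, applied outbound on the network-facing interface. The subnets, ACL number 110 and the sample packets are constructed values; the IOS-style rendering assumes a classic numbered extended access list, which the operator would then bind with `ip access-group 110 out` on that interface.

```python
"""Egress anti-spoofing ACL for a terminal server (added example).

Models the outbound access list from the post: on the terminal server's
network-facing interface, permit packets whose source lies in a subnet
served by that box and deny every other source. The subnets and packets
below are constructed sample values, not taken from the post.
"""
from ipaddress import ip_address, ip_network

# Constructed example: the dial-up pools this terminal server hands out.
SERVED_SUBNETS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/25")]


def build_egress_acl(subnets, acl_number=110):
    """Render the ACL as IOS-style lines: one permit per served subnet
    (Cisco uses inverted wildcard masks, e.g. 0.0.0.255 for a /24), then
    an explicit deny-any that logs, so spoofed sources show up in counters."""
    lines = []
    for net in subnets:
        lines.append(f"access-list {acl_number} permit ip "
                     f"{net.network_address} {net.hostmask} any")
    lines.append(f"access-list {acl_number} deny ip any any log")
    return lines


def acl_verdict(src, subnets):
    """First-match evaluation: 'permit' if src is inside a served subnet,
    otherwise 'deny' (the same result the explicit deny line gives)."""
    addr = ip_address(src)
    return "permit" if any(addr in net for net in subnets) else "deny"


def filter_outbound(packets, subnets):
    """Apply the ACL to (src, dst) pairs. Returns the forwarded packets and
    the dropped ones; the dropped list is what an operator would review in
    the ACL log to spot hosts emitting packets with forged sources."""
    forwarded, dropped = [], []
    for src, dst in packets:
        target = forwarded if acl_verdict(src, subnets) == "permit" else dropped
        target.append((src, dst))
    return forwarded, dropped


# Constructed sample traffic: two legitimate dial-up hosts and one packet
# whose source address does not belong to any pool on this box.
SAMPLE_PACKETS = [
    ("192.0.2.17", "203.0.113.5"),
    ("198.51.100.9", "203.0.113.5"),
    ("10.9.8.7", "203.0.113.5"),  # source not served here: spoofed
]

if __name__ == "__main__":
    for line in build_egress_acl(SERVED_SUBNETS):
        print(line)
    fwd, drop = filter_outbound(SAMPLE_PACKETS, SERVED_SUBNETS)
    print("forwarded:", fwd)
    print("dropped:", drop)
```

The point the post makes is visible in the output: the rendered list has one line per served pool plus the deny, so its size is bounded by the number of pools on the box, not by the number of modem lines or the traffic volume, and every packet is settled by a single source-prefix match.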


