Firewall Wizards mailing list archives
Re: DDOS Countermeasures RFC
From: Gary Flynn <flynngn () jmu edu>
Date: Wed, 31 Jan 2001 09:10:01 -0500
Ryan Russell wrote:
On Mon, 29 Jan 2001, Marcus J. Ranum wrote:We're doomed, aren't we?
My cynical hero :)
No, not really. There are technical countermeasures to solve the problem. People just won't implement them until they have to. To take a page from your book... legislate that it's illegal to allow spoofed packets off your net if you're an ISP, school, etc..
Spoofing only makes it harder to find the source. If there are hundreds or thousands of compromised boxes in a similar number of different organizations, its still going to take time to track down the sources and/or filter the offending addresses. Thousands of compromised boxes are a very realistic possibility with IRC controlled DDOS activity on Windows boxes. Substitute a stealthy IRC bot for Hybris, ILOVEYOU, or any other popular virus and you get a large number of "willing" participants. Since the addresses aren't spoofed, I guess you could immediately filter them but the effects on the filters on processor utilization may in itself cause a DOS or at least degradation. Not sure. Probably depends a lot on topology, type and frequency of packets, line speed, and the device doing the filtering. There is also the matter of entering a thousand attacking IP addresses into the filter database :) For my cynical views: http://falcon.jmu.edu/~flynngn/whatnext.htm -------------------------------------- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: DDOS Countermeasures RFC Ryan Russell (Jan 31)
- <Possible follow-ups>
- Re: DDOS Countermeasures RFC Gary Flynn (Jan 31)
- Re: DDOS Countermeasures RFC Ryan Russell (Jan 31)
- RE: DDOS Countermeasures RFC jan (Jan 31)
- Re: DDOS Countermeasures RFC Ryan Russell (Jan 31)
- Re: DDOS Countermeasures RFC TC Wolsey (Feb 03)
- Re: DDOS Countermeasures RFC jan (Jan 31)
- Re: DDOS Countermeasures RFC daN. (Jan 31)
- RE: DDOS Countermeasures RFC Ryan Russell (Jan 31)