nanog mailing list archives

Re: Growing DoS attacks

From: Jared Mauch <jared () puck Nether net>
Date: Wed, 16 Jan 2002 18:53:44 -0500


        I think the point is that (despite everyones thoughts
that use it) IRC is not considered a super-important network service
these days.  If the irc server is dampened or the attack can't reach it
it just penalizes the compromised host(s) network(s) more than the
person who hosts the irc server.

        - jared

On Wed, Jan 16, 2002 at 06:49:48PM -0500, Paul Timmins wrote:


What about BGP route flap dampening, people use that, don't they?
-Paul

At 06:12 PM 1/16/2002, you wrote:

Get a box, and run Zebra BGPD, which will announce that /24 to your 
network.
Then do a script which monitors the traffic to the irc server, and on a
certain threshold, kill BGPD. wait a certain time, like 15minutes or so, 
and
restart BGPD. It would be nice to check the traffic every minute and if 2
consecutive checks are positive kill bgpd. That mean that you  may be able
to STOP dDoS to irc servers within 2-3 minutes...


-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

Current thread:

Re: Growing DoS attacks, (continued)
- - - Message not available
    - Re: Growing DoS attacks Vincent Gillet (Jan 17)
    - Re: Growing DoS attacks Jared Mauch (Jan 17)
    - Re: Growing DoS attacks Joe Abley (Jan 17)
    - Re: Growing DoS attacks Vincent Gillet (Jan 17)
    - Re: Growing DoS attacks Joe Abley (Jan 17)
    - Re: Growing DoS attacks Barb Dijker (Jan 17)
- Re: Growing DoS attacks Avleen Vig (Jan 16)
  - Re: Growing DoS attacks Tom Sands (Jan 17)
- Re: Growing DoS attacks Pascal Gloor (Jan 16)
  - Re: Growing DoS attacks Paul Timmins (Jan 16)
    - Re: Growing DoS attacks Jared Mauch (Jan 16)
    - Re: Growing DoS attacks Avleen Vig (Jan 16)
  - Re: Growing DoS attacks Eric Whitehill (Jan 16)
- RE: Growing DoS attacks LeBlanc, Jason (Jan 16)