nanog mailing list archives
Re: Effective ways to deal with DDoS attacks?
From: Richard A Steenbergen <ras () e-gerbil net>
Date: Thu, 2 May 2002 12:09:39 -0400
On Thu, May 02, 2002 at 01:42:03AM -0700, Alexei Roudnev wrote:
> It's a common approach - NEVER refuse new requests for the resource; if there is not enough resource, drop some of the old users of the resource... In a lot of cases, it will prevent deadlock because you will be dropping the users who exhausted the resource more than _correct_ users. It relates to the half connections, memory, etc etc... In case of _random_ IP addresses - ok, what happens if you drop (always) the FIRST packet from any new IP address? For the good SYN packet, you will receive a second request in a second; for a false one, you just filter out the DDOS itself. This is not universal, but for the simple DDOS it will work.
It all depends on *what* is being DoS'd. The application? The TCP listen queue? The number of interrupts/sec that box can handle? The pipe on that box? The switch? The router? The provider's router? The pipe between any of the previous 3? Any of these are potentially valid targets.

Given a network which doesn't break, one can very easily expect a FreeBSD -STABLE box on a p3 1GHz to survive at least 100kpps of SYN flood. Past 144kpps you clog FastE completely, and need to go to GigE. I've seen well configured servers eating 250kpps of SYN floods while still providing uninterrupted service, which is probably more than your router will be able to handle unless it's a GSR or Juniper.

But if you are on a DS3, or even if you have an OC48 from a provider who either doesn't want to or doesn't know how to protect their infrastructure from attacks, all of that means absolutely NOTHING.

--
Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
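Added example, not part of either poster's message: a Python simulation of the first-SYN-drop heuristic from the quoted text, run over constructed traffic with a large and a small pending table to show that the filter's own state is one more finite resource. The class name, table sizes, timing thresholds and traffic mix are assumptions made for illustration.

```python
import random
from collections import OrderedDict

class FirstSynFilter:
    """Drop the first SYN from an unseen source; admit its retransmission."""

    def __init__(self, max_entries, min_gap=0.5, max_gap=10.0):
        self.pending = OrderedDict()    # src -> time of its dropped first SYN
        self.known = set()              # sources that retransmitted (unbounded here)
        self.max_entries = max_entries  # the pending table is itself a finite resource
        self.min_gap, self.max_gap = min_gap, max_gap

    def on_syn(self, src, now):
        if src in self.known:
            return True
        first = self.pending.get(src)
        if first is not None and self.min_gap <= now - first <= self.max_gap:
            del self.pending[src]
            self.known.add(src)
            return True                 # plausible TCP retransmission
        if first is None or now - first > self.max_gap:
            self.pending.pop(src, None)
            if len(self.pending) >= self.max_entries:
                self.pending.popitem(last=False)   # evict the oldest entry
            self.pending[src] = now
        return False

def simulate(max_entries, flood_pps=5000, seconds=3, clients=50, seed=1):
    """Constructed traffic: single-shot spoofed SYNs plus clients that retry after 1 s."""
    rng = random.Random(seed)
    n = flood_pps * seconds
    # Unique random 32-bit sources, each sent once (models random spoofing).
    events = [(i / flood_pps, src, "flood")
              for i, src in enumerate(rng.sample(range(2**32), n))]
    for c in range(clients):
        src = 2**32 + c                 # constructed id outside the spoofed range
        t0 = rng.uniform(0, seconds - 1)
        events += [(t0, src, "legit"), (t0 + 1.0, src, "legit")]
    filt = FirstSynFilter(max_entries)
    admitted = {"flood": 0, "legit": 0}
    for now, src, kind in sorted(events):
        admitted[kind] += filt.on_syn(src, now)
    return admitted

if __name__ == "__main__":
    print("large table:", simulate(max_entries=100_000))
    print("small table:", simulate(max_entries=1_000))
```

With the small table the flood evicts each client's pending entry before its retry arrives, so legitimate retransmissions are treated as new sources and dropped again.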