nanog mailing list archives
RE: Effective ways to deal with DDoS attacks?
From: "LeBlanc, Jason" <Jml () ebay com>
Date: Thu, 2 May 2002 10:22:28 -0700
I'm with Richard. Often the attacker is stupid enough to have something in the header that doesn't change that you can filter on. Looking at the payload would be a tough job with the size of some of these attacks. -----Original Message----- From: Richard A Steenbergen [mailto:ras () e-gerbil net] Sent: Thursday, May 02, 2002 10:19 AM To: Hank Nussbacher Cc: LeBlanc, Jason; 'Pete Kruckenberg'; nanog () merit edu Subject: Re: Effective ways to deal with DDoS attacks? On Thu, May 02, 2002 at 08:07:31PM +0200, Hank Nussbacher wrote:
At 12:23 PM 02-05-02 -0400, Richard A Steenbergen wrote:Thats what the IP2 does, match bytes in the headers and come back with a thumbs down or a thumbs up and a destination interface. It's really not that much harder to match the bytes for a dest port against a compiled ruleset and decide yes or no then it is to match the dest address against a forwarding table and decide which nexthop.Looking into the IP header is not enough. In order to filter DDOS packets
one has to look into the payload as well. I don't think routers are suitable for that level of filtering (think advanced NBAR).
I disagree. There are a world of things you can do when you look at the entire payload, from IDS to playing Big Brother. But stopping DDoS does not require it, in almost every case layer 3+4 headers is sufficient. -- Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Current thread:
- Re: Effective ways to deal with DDoS attacks?, (continued)
- Re: Effective ways to deal with DDoS attacks? Steven W. Raymond (May 06)
- Re: Effective ways to deal with DDoS attacks? Stephen Griffin (May 08)
- Message not available
- Re: Effective ways to deal with DDoS attacks? Lincoln Dale (May 05)
- RE: Effective ways to deal with DDoS attacks? Livio Ricciulli (May 02)
- RE: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 02)
- Re: Effective ways to deal with DDoS attacks? Aditya (May 02)
- Re: Effective ways to deal with DDoS attacks? Mark Turpin (May 02)
- Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 07)
- Re: Effective ways to deal with DDoS attacks? E.B. Dreger (May 07)
- Re: Effective ways to deal with DDoS attacks? E.B. Dreger (May 07)