Vulnerability Development mailing list archives
Re: Networking theories
From: 11a () GMX NET (Bluefish)
Date: Sun, 7 May 2000 20:13:36 +0200
I received a request for the email I had in mind as a private email. I figured it might be useful reading for several others as well. The email I had in mind was from CIAC (not CERT, typo):

http://www.ciac.org/ciac/bulletins/k-032.shtml

Related / similar papers found with altavista:

http://www.royans.net/insync/ddos/bugtraq_ddos1.shtml
http://info.internet.isi.edu/in-notes/rfc/files/rfc2267.txt
http://www.cisco.com/warp/public/707/newsflash.html
http://www.sans.org/y2k/egress.htm

(the CIAC paper is the best, IMHO)

None of these papers actually describes how to protect against the attack mentioned in the original mail, but the attack wouldn't be possible if all major ISPs used EGRESS filtering. Nor do the papers have a solution against any DDoS which sends correct, unspoofed packets.

Additionally, Linux firewalls/routers could be set up to maximum anti-spoof security using:

    # Only act if the kernel exposes the reverse-path filter setting
    if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
        echo -n "FIREWALL: Enabling kernel IP spoofing protection... "
        # Apply the setting to every interface entry (including all and default)
        for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
            echo "2" > "$f"
        done
        echo "done."
    fi

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
Any idea on where to obtain a copy of this email? I'm not exactly a large ISP, but I do deal with a few large networking situations.

----- Original Message -----
From: "Bluefish" <11a () GMX NET>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Friday, May 05, 2000 5:06 PM
Subject: Re: [VULN-DEV] Networking theories

victim.org(spoofed) ---> ICMP(source-quench) ---> router.victim.org

Actually, there was an email from... cert (I think) ... intended for larger companies and ISPs with guidelines for combating DDoS. Among those guidelines there were recommendations of checking source IP. So it's a known problem which responsible ISPs will stop (but probably most don't)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
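A read-only check to go with the rp_filter script in the message above, added here as an example and not part of the original post: it reports the reverse-path filter mode the kernel applies on each interface. It assumes the value meanings documented for current Linux kernels (0 off, 1 strict, 2 loose, with the higher of conf/all and the per-interface value taking effect), under which the value 2 written by that script selects loose mode; the function names and the alternate-root argument are this example's own.

```shell
#!/bin/sh
# Added example: audit reverse-path filtering without changing any setting.
# Assumption: current-kernel semantics (0 = off, 1 = strict, 2 = loose).

# rp_mode_name VALUE -> human-readable mode for an rp_filter value
rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# effective_rp_filter ROOT IFACE -> value the kernel applies on IFACE:
# the maximum of conf/all/rp_filter and conf/IFACE/rp_filter.
effective_rp_filter() {
    conf="$1/sys/net/ipv4/conf"
    all=$(cat "$conf/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$conf/$2/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_rp_filter [ROOT] -> prints "iface value mode" per interface.
# ROOT defaults to /proc; a different root (hypothetical test tree) can be
# passed instead. Returns 0 if every interface is strict, 1 if any is not,
# 2 if no interface could be read.
audit_rp_filter() {
    root="${1:-/proc}"
    rc=0
    seen=0
    for d in "$root"/sys/net/ipv4/conf/*/; do
        iface=$(basename "$d")
        # "all" and "default" are templates, not real interfaces
        case "$iface" in all|default) continue ;; esac
        val=$(effective_rp_filter "$root" "$iface") || continue
        mode=$(rp_mode_name "$val")
        echo "$iface $val $mode"
        seen=$((seen + 1))
        [ "$mode" = strict ] || rc=1
    done
    [ "$seen" -gt 0 ] || return 2
    return "$rc"
}
```

Source the file and run `audit_rp_filter` on the router; a non-zero return means at least one interface is not in strict mode or nothing could be read.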