[27301] in North American Network Operators' Group
Re: Make Inggress Filtering the LAW for all ISPs!
daemon@ATHENA.MIT.EDU (Sam Thomas)
Fri Feb 11 08:59:43 2000
Date: Fri, 11 Feb 2000 13:57:37 +0000
From: Sam Thomas <sthomas@lart.net>
To: Toplez Razer <z28convertible@usa.net>
Cc: nanog@merit.edu
Message-ID: <20000211135737.A2680@lart.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20000211130737.10330.qmail@nwcst277.netaddress.usa.net>; from Toplez Razer on Wed, Mar 19, 2036 at 12:35:53PM -0700
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, Mar 19, 2036 at 12:35:53PM -0700, Toplez Razer wrote:
>
> It should eliminate 99.9% of DOS attacks!
get off my soapbox! :-)
unfortunately, the new breed of ddos is even naughtier than smurf. it relies
on compromised hosts on which a daemon is placed to listen to requests, and
begin flooding someone else's network. really quite effective, and there
isn't just a whole lot of router magic that can save our butts from this.
good host security is absolutely essential to prevent the problem, and it's
not something where a bunch of rogue geeks can go around pointing fingers
and "blacklisting" potential middle-men as easily as they've done with
smurf and friends.
fortunately, we're all sure that our hosts are not compromised. ;-)
--
Sam Thomas
Geek Mercenary
