[28677] in North American Network Operators' Group


Re: New Internet-draft on DDOS defense...

daemon@ATHENA.MIT.EDU (Brandon Ross)
Thu May 11 22:25:55 2000

Date: Thu, 11 May 2000 22:23:48 -0400 (EDT)
From: Brandon Ross <bross@netrail.net>
To: nanog@merit.edu
In-Reply-To: <s91a4def.034@prv-mail20.provo.novell.com>
Message-ID: <Pine.LNX.3.96.1000511222129.832E-100000@ogre.atl.netrail.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, 11 May 2000, Vipul Shah wrote:

> The solution suggested by RFC2644 is for routers only, while the
> proposed solution is intended for end-nodes. 
> 
> If DDoS Smurf attack is generated using local broadcast, RFC2644
> solution won't prevent the attack. Read carefully the last paragraph of
> Section 1 of the draft. 

Another point that hasn't been mentioned in this thread is that this type
of attack is very easy to track down, since all the echo-reply packets
will have addresses in the same subnet.  A good portion of the problem
with smurf attacks is not so much the attack itself as the painful process
of tracking it to its source.

Brandon Ross                                                 404-522-5400
VP Engineering, NetRail                            http://www.netrail.net
AIM:  BrandonNR                                             ICQ:  2269442
Read RFC 2644!
Stop Smurf attacks!  Configure your router interfaces to block directed
broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.


