[28680] in North American Network Operators' Group
Re: New Internet-draft on DDOS defense...
daemon@ATHENA.MIT.EDU (Vipul Shah)
Fri May 12 06:08:22 2000
Message-Id: <s91b8316.092@prv-mail20.provo.novell.com>
Date: Fri, 12 May 2000 03:56:01 -0600
From: "Vipul Shah" <svipul@novell.com>
To: <bross@netrail.net>, "Vipul Shah" <SVIPUL@novell.com>
Cc: <nanog@merit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Errors-To: owner-nanog-outgoing@merit.edu
>
>Another point that hasn't been mentioned in this thread is that this type
>of attack is very easy to track down, since all the echo-reply packets
>will have addresses in the same subnet. A good portion of the problem
>with smurf attacks is not so much the attack itself as the painful =
process
>of tracking it to it's source.
>
By the time you trace the packets, identify the subnet, and convince =
the=20
Network Administrator to detach the compromized system from the network,
the victim's router might have crashed. Especially, when there are =
more=20
than one DDoS agents are compromized over different networks, the=20
victim site may loose several hours of business!
Vipul
>Brandon Ross 404-522-5400
>VP Engineering, NetRail http://www.netrail.net=
=20
>AIM: BrandonNR ICQ: 2269442
>Read RFC 2644!
>Stop Smurf attacks! Configure your router interfaces to block directed
>broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.
>
>
>
