[34021] in North American Network Operators' Group


Re: Proactive steps to prevent DDOS?

daemon@ATHENA.MIT.EDU (Richard A. Steenbergen)
Sat Jan 27 00:22:05 2001

Date: Sat, 27 Jan 2001 00:16:33 -0500 (EST)
From: "Richard A. Steenbergen" <ras@e-gerbil.net>
To: Valdis.Kletnieks@vt.edu
Cc: nanog@merit.edu
Message-ID: <Pine.BSF.4.21.0101270013340.38591-100000@overlord.e-gerbil.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Fri, Jan 26, 2001 at 11:54:11PM -0500, Valdis.Kletnieks@vt.edu wrote:
>
> On Fri, 26 Jan 2001 16:40:04 PST, Sean Donelan said:
> > Most are suggestions for what other networks can do to prevent them from
> > being a source of a DDOS attack.   There is less help for what the target
> > of a DDOS can do.
>
> Unfortunately, the current draft document for the Center for Internet Security
> (www.cisecurity.org) Solaris security checklist suffers from the same problem.
> It mandates RFC2644 broadcasts, RFC1918 martian and RFC2827 egress filtering,
> but I couldn't find any stuff on the victim end of it.
>
> If anybody can provide me with a good reference, I'll be happy to add
> it and give credit.  http://www.sans.org/dosstep/index.htm is what I
> have currently on filtering.  If you have a *partial* reference
> (something that will work for *many* or *most* sites, for example), I
> am able to phrase it as "Evaluate the techniques listed at <URL> for
> appropriateness".
>
> Anybody got input to add?

After much nagging^H^H^H^H^H^H^Hrequests, I put some concepts about DoS
down in writing.

http://www.e-gerbil.net/ras/dos.txt

Maybe it'll be useful.

-- 
Richard A Steenbergen <ras@e-gerbil.net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)


