[38912] in North American Network Operators' Group


RE: DDOS anecdotes

daemon@ATHENA.MIT.EDU (Tim Devries)
Sat Jun 23 16:11:25 2001

Message-ID: <05924A4A9DEDAD46A21EE3C8C64B090D2EDEB4@cheetah.zoo.q9networks.com>
From: Tim Devries <Tim.Devries@Q9.com>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Sat, 23 Jun 2001 16:10:37 -0400

-----Original Message-----
From: woods@weird.com [mailto:woods@weird.com]
Sent: Saturday, June 23, 2001 3:56 PM
To: nanog@merit.edu
Subject: RE: DDOS anecdotes



[ On Saturday, June 23, 2001 at 20:04:06 (+0200), Mikael Abrahamsson wrote: ]
> Subject: RE: DDOS anecdotes
>
> This is a real problem. It's not FUD. Microsoft's choice to include full
> IP stack capabilities will make the problem worse, but I do not blame
> their IP stack for this like Mr Gibson does though.

>No, their stack's not the root of the problem -- all the rest of their
>OS is (and of course in particular the security model, or lack thereof).


FYI beware of service pack 2.  It sets the DF bit so packets cannot
fragment.  Particularly offensive if your server is on the other side of a
tunnel (due to the overhead).  The solution is to reduce the MTU on the box.
Or use a different OS :)



							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>
