[39684] in North American Network Operators' Group
Re: Advanced Countermeasures to prevent a Ddos
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Fri Jul 20 00:31:24 2001
Date: Fri, 20 Jul 2001 00:30:24 -0400 (EDT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: Hank Nussbacher <hank@att.net.il>
Cc: "Scott E. MacKenzie" <semackenzie@corp.attcanada.ca>,
nanog@merit.edu
In-Reply-To: <4.3.2.7.2.20010720070521.00ad15a0@max.att.net.il>
Message-ID: <Pine.GSO.4.20.0107200029100.29147-100000@csserve0.corp.us.uu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 20 Jul 2001, Hank Nussbacher wrote:
>
> At 16:38 19/07/01 -0400, you wrote:
>
> It all hinges on your upstream ISPs. The things to ask for are:
>
> - SYN and ICMP rate limiting: If you buy a T3 from your upstream, you
> should ask that they place on *their* peering routers and on the router
> facing you, Cisco rate limits of about 512kb/sec of ICMP and about
> 128kb/sec of SYNs. Pay extra if need be.
This means I only need a modem to synflood your network out of order.
Rate-limits are only worthwhile for 'well-behaved' flows; DoS is by
definition NOT well-behaved.
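To make the two positions above concrete, here is an added simulation (not code from either poster or from any router vendor) of an aggregate SYN policer like the 128kb/sec limit Hank describes, with real connection attempts and a flood sharing one token bucket. The 64-byte SYN size, the 100 ms burst depth, the Poisson traffic model and the 50 SYN/s legitimate load are all assumptions.

```python
"""Shared token-bucket SYN limiter: legitimate and flood SYNs compete
for the same token budget (constructed simulation, not router code)."""
import random

SYN_BITS = 64 * 8     # assumed on-the-wire size of one TCP SYN
LIMIT_BPS = 128_000   # the 128 kb/sec SYN limit discussed in the thread


class TokenBucket:
    """Single-rate policer: tokens refill at rate_bps up to burst_bits."""

    def __init__(self, rate_bps, burst_bits):
        self.rate_bps, self.burst_bits = rate_bps, burst_bits
        self.tokens, self.last_t = burst_bits, 0.0

    def admit(self, t, bits):
        # Refill for elapsed time (arrivals are processed in time order).
        self.tokens = min(self.burst_bits,
                          self.tokens + self.rate_bps * (t - self.last_t))
        self.last_t = t
        if self.tokens >= bits:
            self.tokens -= bits
            return True
        return False


def poisson_arrivals(rate_pps, seconds, rng):
    """Arrival times of a memoryless packet source at rate_pps."""
    t, times = 0.0, []
    while True:
        t += rng.expovariate(rate_pps)
        if t >= seconds:
            return times
        times.append(t)


def legit_survival(attack_pps, legit_pps=50, seconds=10.0,
                   limit_bps=LIMIT_BPS, seed=1):
    """Fraction of legitimate SYNs admitted while a flood of attack_pps
    shares the aggregate limiter with legit_pps real connection attempts."""
    rng = random.Random(seed)
    arrivals = [(t, "legit") for t in poisson_arrivals(legit_pps, seconds, rng)]
    if attack_pps > 0:
        arrivals += [(t, "attack") for t in poisson_arrivals(attack_pps, seconds, rng)]
    arrivals.sort()
    bucket = TokenBucket(limit_bps, burst_bits=limit_bps * 0.1)  # 100 ms burst (assumed)
    seen = admitted = 0
    for t, src in arrivals:
        ok = bucket.admit(t, SYN_BITS)   # the policer cannot tell the sources apart
        if src == "legit":
            seen += 1
            admitted += ok
    return admitted / seen if seen else 1.0


if __name__ == "__main__":
    print(f"limiter capacity: {LIMIT_BPS // SYN_BITS} SYN/s")
    for pps in (0, 100, 250, 1000, 5000):
        print(f"flood {pps:5d} SYN/s -> {legit_survival(pps):.0%} of legit SYNs admitted")
```

Once the offered flood exceeds the limiter's capacity, legitimate SYNs are dropped in roughly the same proportion as the flood, because the policer only sees the aggregate.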