[47294] in North American Network Operators' Group


Re: Effective ways to deal with DDoS attacks?

daemon@ATHENA.MIT.EDU (Pete Kruckenberg)
Thu May 2 01:56:39 2002

Date: Wed, 1 May 2002 23:56:07 -0600 (MDT)
From: Pete Kruckenberg <pete@kruckenberg.com>
To: <nanog@merit.edu>
In-Reply-To: <20020502045728.GG523@overlord.e-gerbil.net>
Message-ID: <Pine.LNX.4.33.0205012349320.20341-100000@minot.kruckenberg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, 2 May 2002, Richard A Steenbergen wrote:

>> SYN packet comes in, one of these machines responds with a
>> RST to the "source", which is actually the target of the
> 
> You have an interesting situation. I think rate limiting
> outbound RSTs would be the least offensive thing you
> could do, off the top of my head.

What about just blocking out-going RSTs altogether from our
borders? While this interferes with "proper" TCP
functionality, would it actually interfere enough to cause
noticeable problems? Would certainly be less of a burden on
routers than rate-limiting.

Pete.

