[47295] in North American Network Operators' Group
Re: Effective ways to deal with DDoS attacks?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Thu May 2 02:12:16 2002
Date: Thu, 2 May 2002 06:11:36 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: Pete Kruckenberg <pete@kruckenberg.com>
Cc: <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.33.0205012349320.20341-100000@minot.kruckenberg.com>
Message-ID: <Pine.GSO.4.33.0205020610270.11583-100000@rampart.argfrp.us.uu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 1 May 2002, Pete Kruckenberg wrote:
>
> On Thu, 2 May 2002, Richard A Steenbergen wrote:
>
> >> SYN packet comes in, one of these machines responses with a
> >> RST to the "source", which is actually the target of the
> >
> > You have an interesting situation. I think rate limiting
> > outbound RSTs would be the least offensive thing you
> > could do, off the top of my head.
>
> What about just blocking out-going RSTs altogether from our
> borders? While this interferes with "proper" TCP
> functionality, would it actually interfere enough to cause
> noticeable problems? Would certainly be less of a burden on
> routers than rate-limiting.
Aren't the initial packets in the 'gibson syn amp attack' syn-ack's?
