[47382] in North American Network Operators' Group


Re: Effective ways to deal with DDoS attacks?

daemon@ATHENA.MIT.EDU (E.B. Dreger)
Thu May 2 22:36:20 2002

Date: Fri, 3 May 2002 02:35:53 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: Richard A Steenbergen <ras@e-gerbil.net>
Cc: "LeBlanc, Jason" <Jml@ebay.com>,
	"'Pete Kruckenberg'" <pete@kruckenberg.com>, nanog@merit.edu
In-Reply-To: <20020502162301.GK523@overlord.e-gerbil.net>
Message-ID: <Pine.LNX.4.20.0205030227530.21371-100000@www.everquick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


RAS> Date: Thu, 2 May 2002 12:23:01 -0400
RAS> From: Richard A Steenbergen


RAS> They CAN filter on anything in the headers, it's just a matter of
RAS> convincing them that the specific filter you want is something they should
RAS> add to their software language and microcode. I'm sure as a core router
RAS> vendor they must hear every feature request imaginable and not know which
RAS> ones to follow up on. If anyone from Juniper is listening, I can tell you
RAS> 4 things to add which will stop all existing packet kiddie tools in their
RAS> tracks. But then again, I'd rather just have a language for bitmatching at
RAS> any offset. :)

And it wouldn't be that hard to have something to compile
rulesets into simple assembly, either:

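	movb 0x12(,%ecx,1),%al	# load the byte at offset 0x12 from %ecx
	andb $0x34,%al		# mask: keep only the bits under test
	xorb $0x14,%al		# zero iff the masked bits equal 0x14
	jz some_destination	# taken on a match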

Oversimplified, yes.  But mask-then-test is one of the simpler
apps to write.  s/x86/chipofchoice/ and have fun.

Juniper being based on FreeBSD/x86, perhaps some kernel hooks
might be in order for those who wish to write their own code.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@brics.com>, or you are likely to
be blocked.
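
The mask-then-test idea from the message above, as an added example in C that is not part of the original post or any vendor's code: a textual rule is parsed into an offset/mask/value triple and checked against a packet buffer, with the bounds check the four-instruction sketch leaves out. The rule syntax `OFFSET&MASK=VALUE`, the function names and the sample packet bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One mask-then-test term: matches when (pkt[offset] & mask) == value. */
struct bitrule { size_t offset; uint8_t mask; uint8_t value; };

/* Parse "OFFSET&MASK=VALUE" (constructed syntax), e.g. "0x12&0x34=0x14".
 * Returns 0 on success, -1 if malformed or impossible to satisfy. */
int rule_compile(const char *text, struct bitrule *out)
{
    long off;
    int mask, value;
    char tail;
    if (sscanf(text, "%li&%i=%i%c", &off, &mask, &value, &tail) != 3)
        return -1;                      /* wrong shape or trailing junk */
    if (off < 0 || mask < 0 || mask > 0xff || value < 0 || value > 0xff)
        return -1;
    if (value & ~mask)
        return -1;                      /* value has bits the mask clears */
    *out = (struct bitrule){ (size_t)off, (uint8_t)mask, (uint8_t)value };
    return 0;
}

/* Returns 1 when every rule matches. An offset at or past len is a
 * non-match, so a truncated packet never causes an out-of-bounds read. */
int ruleset_match(const struct bitrule *rules, size_t n,
                  const uint8_t *pkt, size_t len)
{
    for (size_t i = 0; i < n; i++) {
        if (rules[i].offset >= len)
            return 0;
        if ((pkt[rules[i].offset] & rules[i].mask) != rules[i].value)
            return 0;
    }
    return 1;
}

int main(void)
{
    uint8_t pkt[20] = {0};              /* constructed sample packet */
    struct bitrule r;
    pkt[0x12] = 0x5c;                   /* 0x5c & 0x34 == 0x14 */
    if (rule_compile("0x12&0x34=0x14", &r) != 0)
        return 1;
    printf("full packet: %d\n", ruleset_match(&r, 1, pkt, sizeof pkt));
    printf("truncated:   %d\n", ruleset_match(&r, 1, pkt, 0x12));
    return 0;
}
```

Rejecting a rule whose value has bits outside its mask at compile time catches filters that could never match before they are deployed.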

