[47580] in North American Network Operators' Group


Re: Effective ways to deal with DDoS attacks?

daemon@ATHENA.MIT.EDU (Pete Kruckenberg)
Mon May 6 19:18:14 2002

Date: Mon, 6 May 2002 17:15:25 -0600 (MDT)
From: Pete Kruckenberg <pete@kruckenberg.com>
To: <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.33.0205012014470.15300-100000@minot.kruckenberg.com>
Message-ID: <Pine.LNX.4.33.0205061702280.2456-100000@minot.kruckenberg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 1 May 2002, Pete Kruckenberg wrote:

> We experience a lot of types of attacks
> ("education/research network" = "easy hacker target").
> With DDoS incidents, it seems we are more often an
> unknowing/unwilling participant than the target, partly
> due to owning big chunks of IP address space.
> 
> We most frequently are the zombie/reflector participants
> in an attack that originates outside our network, to a
> target outside our network. As many as 8,000 hosts on
> our network are reflecting SYN floods in the current
> attacks.

I finally found a paper on this type of attack.  
http://grc.com/files/drdos.pdf and
http://grc.com/dos/grcdos.htm describe the attack and a few
possible defenses, though they are about as ineffective as
most other DDoS defenses.

Pete.


