[13829] in bugtraq
Re: DDOS Attack Mitigation
daemon@ATHENA.MIT.EDU (Julien Nadeau)
Tue Feb 15 13:41:54 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38A84CF9.9D827F49@csoft.net>
Date: Mon, 14 Feb 2000 14:44:09 -0400
Reply-To: Julien Nadeau <julien@CSOFT.NET>
From: Julien Nadeau <julien@CSOFT.NET>
X-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
> You know if anyone was of a mind to find someone at fault over this,
> I'd start pointing the finger at ISP's who haven't been doing this
> due to "performance reasons". They've had the ability to do it for
> years and in doing so would seriously reduce the number and possibility
> of "spoofing" attacks.
Agreed, I myself work for an ISP which provides co-location services,
and at first most admins (with years of experience might i add), just
don't
cared much about what's going out. When I got them all to filter
outgoing
packets, traffic dropped.
A solution would be for kernels to provide an option to keep a local
IP lookup table which could be simply based on network interfaces; of
course, given an stable implementation, this option enabled by default
would take care of spoofing problems for admins who don't think much
about what they're sending out -- i mean, they're big part of the
problem.
