[13854] in bugtraq
Re: DDOS Attack Mitigation
daemon@ATHENA.MIT.EDU (Andrzej Bialecki)
Tue Feb 15 18:21:26 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.20.0002142216170.54267-100000@mx.webgiro.com>
Date: Mon, 14 Feb 2000 22:21:46 +0100
Reply-To: Andrzej Bialecki <abial@WEBGIRO.COM>
From: Andrzej Bialecki <abial@WEBGIRO.COM>
X-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200002130850.TAA08542@cairo.anu.edu.au>
On Sun, 13 Feb 2000, Darren Reed wrote:
> In some mail from Elias Levy, sie said:
> [...]
> > Network Ingress Filtering:
> > --------------------------
> >
> > All network access providers should implement network ingress filtering
> > to stop any of their downstream networks from injecting packets with
> > faked or "spoofed" addressed into the Internet.
> >
> > Although this does not stop an attack from occurring it does make it
> > much easier to track down the source of the attack and terminate it
> > quickly.
> >
> > For information on network ingress filtering read RFC 2267:
> > http://info.internet.isi.edu/in-notes/rfc/files/rfc2267.txt
>
> You know if anyone was of a mind to find someone at fault over this,
> I'd start pointing the finger at ISP's who haven't been doing this
> due to "performance reasons". They've had the ability to do it for
> years and in doing so would seriously reduce the number and possibility
> of "spoofing" attacks.
Well, I worked at such ISP. The issue was really simple: given the choice
between:
putting a Cisco 25xx for $x000 and hope that we can deal with the
problem when/if the customers start misbehaving, or
putting a Cisco 47xx for $x0000, and possibly never experience the
problem, but having spent awful lot of money
the decision to select the former had its firm economic ground, don't you
think?
Andrzej Bialecki
// <abial@webgiro.com> WebGiro AB, Sweden (http://www.webgiro.com)
// -------------------------------------------------------------------
// ------ FreeBSD: The Power to Serve. http://www.freebsd.org --------
// --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ----
