[13892] in bugtraq


Re: DDOS Attack Mitigation

daemon@ATHENA.MIT.EDU (Ryan Russell)
Thu Feb 17 09:42:56 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.GSO.4.10.10002160717001.28564-100000@www.securityfocus.com>
Date:         Wed, 16 Feb 2000 07:20:33 -0800
Reply-To: Ryan Russell <ryan@SECURITYFOCUS.COM>
From: Ryan Russell <ryan@SECURITYFOCUS.COM>
X-To:         Alan Brown <alan@MANAWATU.GEN.NZ>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.05.10002150711250.6393-100000@mailhost.manawatu.net.nz>

On Tue, 15 Feb 2000, Alan Brown wrote:

> On Sun, 13 Feb 2000, Darren Reed wrote:
>
> > You know if anyone was of a mind to find someone at fault over this,
> > I'd start pointing the finger at ISPs who haven't been doing this
> > due to "performance reasons".
>
> To be fair, if you do this on most terminal servers (eg, Cisco 5300, Max
> 4000), they will collapse under the load.
>

How exactly are you configuring these things?  You're not trying to do
filtering on a per-dialup or per-user basis, are you?  You put one
outbound filter on the Ethernet or WAN interface that covers the dialup
address pool.  Or on the next router out.  All the ISPs I've seen (and
granted, it's only a few) have another router in front of the dialup
router.  Sure, dialup users will still be able to spoof at each other, but
I assume that's a much smaller concern.

					Ryan
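The placement described above, as an added example in Cisco IOS syntax that is not part of the original post: one extended access list that permits only the dialup pool as source, applied outbound on the interface facing the rest of the network, plus the same list applied inbound on the next router out. The pool 192.0.2.0/24, the interface names and the ACL number are assumptions.

```cisco
! --- On the dialup router (terminal server) ---
! One list, evaluated once per packet leaving the box toward the
! Internet. Only packets whose source lies in the dialup pool
! (assumed here to be 192.0.2.0/24) are allowed out; everything
! else is a spoofed source and is dropped and logged.
access-list 110 permit ip 192.0.2.0 0.0.0.255 any
access-list 110 deny   ip any any log
!
! Apply it OUTBOUND on the upstream interface, not on each async/
! dialup interface. The per-interface variant is what melts a
! loaded terminal server; this variant is one ACL on one interface.
interface Ethernet0
 ip access-group 110 out
!
! --- Alternative: on the next router out ---
! If the terminal server cannot take any filtering at all, the
! router in front of it applies the same list INBOUND on the
! interface that faces the dialup router.
access-list 110 permit ip 192.0.2.0 0.0.0.255 any
access-list 110 deny   ip any any log
!
interface FastEthernet0/1
 description Link to dialup router
 ip access-group 110 in
!
! Caveat (as noted in the post): neither placement sees traffic
! between two dialup users on the same terminal server, so
! dialup-to-dialup spoofing is still possible; only traffic that
! leaves the pool toward the Internet is checked.
```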
