Security Incidents mailing list archives
Re: DDoS attack.
From: Patrick Oonk <patrick () pine nl>
Date: Mon, 28 Jan 2002 19:47:07 +0100
On Sun, Jan 27, 2002 at 11:53:45PM -0500, Stanislav N. Vardomskiy wrote:
On Sun, 27 Jan 2002, Bugtraq Mailing Lists wrote:
you should start implementing ingress filtering on your routers so that this spoofed attack will not happen again by your end users.
<snip>
As you should be a good internet denizen and not spew crap onto the backbone that might cause problems, you probably should filter egress as well. Simplest egress filter would be:
<snip>
P.S. This is not meant to be a replacement for someone with Cisco skill - there are many clued in people out there that are jobless at the moment, and last time I tried to write comprehensive instructions for Cisco security for our IX, I got informed in a no-nonsense way that I really should not take the bread and butter from the CCIEs, lest I want my employer to be packeted/nullrouted off the face of the internet.
There's an even more comprehensive story about egress filtering at http://www.incidents.org/protect/egress.php and at the Cisco site: http://www.cisco.com/warp/public/707/newsflash.html

--
patrick oonk - pine internet - patrick () pine nl - www.pine.nl/~patrick
T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl
PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF 2F64 A65C 42AE 155C 3934
Excuse of the day: We're on Token Ring, and it looks like the token got loose.