nanog mailing list archives
Re: Proactive steps to prevent DDOS?
From: Jason Legate <jlegate () yahoo com>
Date: Sun, 28 Jan 2001 11:45:03 -0800 (PST)
I would add careful use of some rate-limiting functionality, (already mentioned in Richard Steenbergen's http://www.e-gerbil.net/ras/dos.txt) so you can rate-limit things like icmp and acks numbered 0 and anything else that show themselves to be obvious candidates over time.
In actuality, in a TCP SYN packet, an ack of 0 is very common. If you view legitimate syn's generated by real stacks, you will see at dword offset 7: 0x00000000. Last time I checked, this was a 0 for all intents and purposes. By rate-limiting acks of 0, you are rate-limiting most syn packets, which I don't think is the ultimate goal.

-j
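The header layout the reply refers to, as an added example that is not part of the original post: with a 20-byte IPv4 header, dword 7 counted from the start of the IP header is the TCP acknowledgment number, so a match on "ack == 0" selects initial SYNs. The example goes one step beyond the post by including a SYN whose IP header carries options, where dword 7 is no longer the ack field. All packets, addresses and function names are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits

def build_ipv4_tcp(seq, ack, flags, ihl_words=5):
    """Constructed IPv4+TCP headers (checksums left zero, documentation addresses)."""
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, ihl_words * 4 + 20,
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    ip += b"\x00" * (ihl_words * 4 - 20)  # zero-filled IP options, if any
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def dword_at(packet, index):
    """32-bit big-endian word at a fixed dword offset from the start of the IP header."""
    return struct.unpack_from("!I", packet, index * 4)[0]

def parse_tcp(packet):
    """Find the TCP header through the IHL field; return (ack_number, flags)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6 or len(packet) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP header")
    ack = struct.unpack_from("!I", packet, ihl + 8)[0]
    return ack, packet[ihl + 13]

def matched_by_ack_zero_rule(packet):
    """What a fixed-offset 'dword 7 == 0' rate-limit match would select."""
    return dword_at(packet, 7) == 0

def is_initial_syn(packet):
    """Flag-based test: SYN set and ACK clear."""
    _, flags = parse_tcp(packet)
    return flags & (SYN | ACK) == SYN

def summarize():
    """Map sample name -> (matched by ack==0 rule, is an initial SYN)."""
    samples = {
        "syn": build_ipv4_tcp(0x1A2B3C4D, 0, SYN),
        "syn-ack": build_ipv4_tcp(0x5E6F7081, 0x1A2B3C4E, SYN | ACK),
        "ack": build_ipv4_tcp(0x1A2B3C4E, 0x5E6F7082, ACK),
        "syn+ip-options": build_ipv4_tcp(0x1A2B3C4D, 0, SYN, ihl_words=6),
    }
    return {n: (matched_by_ack_zero_rule(p), is_initial_syn(p)) for n, p in samples.items()}

if __name__ == "__main__":
    for name, result in summarize().items():
        print(f"{name:15} ack0_rule={result[0]!s:5} initial_syn={result[1]}")
```

In these samples the fixed-offset match selects only the plain SYN, and it misses the SYN with IP options because dword 7 there holds the sequence number.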