nanog mailing list archives
Re: Advanced Countermeasures to prevent a Ddos
From: "Christopher L. Morrow" <chris () UU NET>
Date: Fri, 20 Jul 2001 00:30:24 -0400 (EDT)
On Fri, 20 Jul 2001, Hank Nussbacher wrote:
> At 16:38 19/07/01 -0400, you wrote:
>
> It all hinges on your upstream ISPs. The things to ask for are:
>
> - SYN and ICMP rate limiting: If you buy a T3 from your upstream, you should ask that they place on *their* peering routers and on the router facing you, Cisco rate limits of about 512kb/sec of ICMP and about 128kb/sec of SYNs. Pay extra if need be.

This means I only need a modem to synflood your network out of order. Rate-limits are only worthwhile for 'well behaved' flows; DoS is by definition NOT well-behaved.
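
An added illustration of the exchange above (not part of either post): a small simulation of one aggregate token-bucket policer applied to all SYNs at the 128 kb/s figure quoted, showing what share of legitimate SYNs is still forwarded as unwanted SYNs share the same bucket. The 40-byte SYN size, the 8000-byte burst, the 100 SYN/s legitimate load and the random arrival times are assumptions constructed for the example.

```python
import random

SYN_BITS = 40 * 8  # assumption: 40-byte SYN (20-byte IP + 20-byte TCP header, no options)

def legit_pass_fraction(limit_bps, legit_pps, flood_pps, seconds=10,
                        burst_bytes=8000, seed=1):
    """Run every SYN through ONE shared token bucket and return the
    fraction of legitimate SYNs that are forwarded."""
    rng = random.Random(seed)
    n_legit = int(legit_pps * seconds)
    n_flood = int(flood_pps * seconds)
    # Constructed traffic: uniformly random arrival times over the interval.
    events = [(rng.uniform(0, seconds), True) for _ in range(n_legit)]
    events += [(rng.uniform(0, seconds), False) for _ in range(n_flood)]
    events.sort()
    burst_bits = burst_bytes * 8
    tokens, last, passed = float(burst_bits), 0.0, 0
    for t, is_legit in events:
        # Refill at the policed rate, capped at the burst size.
        tokens = min(burst_bits, tokens + (t - last) * limit_bps)
        last = t
        if tokens >= SYN_BITS:      # conform: forward
            tokens -= SYN_BITS
            passed += is_legit
        # exceed: drop, regardless of who sent the packet
    return passed / n_legit

if __name__ == "__main__":
    for flood in (0, 200, 1000, 4000):
        frac = legit_pass_fraction(128_000, 100, flood)
        print(f"flood={flood:>5} SYN/s  legit forwarded={frac:.0%}")
```

Below the policed rate every legitimate SYN gets through; above it the policer drops in proportion to offered load, so legitimate connections are dropped at the same rate as the unwanted ones.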