nanog mailing list archives

Re: Advanced Countermeasures to prevent a Ddos


From: "Christopher L. Morrow" <chris () UU NET>
Date: Fri, 20 Jul 2001 00:30:24 -0400 (EDT)

On Fri, 20 Jul 2001, Hank Nussbacher wrote:

> At 16:38 19/07/01 -0400, you wrote:
>
> It all hinges on your upstream ISPs.  The things to ask for are:
>
> - SYN and ICMP rate limiting:  If you buy a T3 from your upstream, you
> should ask that they place on *their* peering routers and on the router
> facing you, Cisco rate limits of about 512kb/sec of ICMP and about
> 128kb/sec of SYNs.  Pay extra if need be.

This means I only need a modem to synflood your network out of order.
Rate-limits are only worthwhile for 'well behaved' flows; DoS is by
definition NOT well-behaved.
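The dynamic Chris is describing, as an added example that is not part of the original thread and not anyone's router configuration: a small Python simulation of a single-rate token-bucket policer, the kind of aggregate SYN rate limit the quoted advice asks for, with the customer's legitimate SYNs and an attacker's SYNs sharing the same bucket. The SYN size (60 bytes), the bucket depth, the traffic rates and the Poisson arrival model are all assumptions chosen for illustration, not figures from the thread.

```python
import random

SYN_BYTES = 60      # assumption: a TCP SYN with typical options, no payload
BURST_BYTES = 8000  # assumption: policer bucket depth; real CAR bursts vary


class TokenBucket:
    """Single-rate token-bucket policer applied to one aggregate class
    (e.g. 'all SYNs on this interface'). A packet passes if enough
    tokens (bytes) are available at its arrival, otherwise it is dropped."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bytes_per_s = rate_bps / 8.0
        self.burst_bytes = burst_bytes
        self.tokens = float(burst_bytes)   # start with a full bucket
        self.last_t = 0.0

    def conforms(self, t, nbytes):
        # Refill proportionally to elapsed time, capped at the bucket depth.
        self.tokens = min(self.burst_bytes,
                          self.tokens + (t - self.last_t) * self.rate_bytes_per_s)
        self.last_t = t
        if self.tokens >= nbytes:
            self.tokens -= nbytes
            return True
        return False


def poisson_arrivals(rate_per_s, seconds, rng):
    """Packet timestamps for a memoryless source of the given average rate."""
    times = []
    if rate_per_s <= 0:
        return times
    t = 0.0
    while True:
        t += rng.expovariate(rate_per_s)
        if t >= seconds:
            return times
        times.append(t)


def simulate(limit_kbps, legit_syn_per_s, attack_kbps, seconds=20.0, seed=1):
    """Run legitimate and attack SYNs through one shared policer.

    Returns the fraction of each class that the policer let through.
    Because the limit is on the aggregate, the attacker's packets and
    the customer's real SYNs compete for the same tokens."""
    rng = random.Random(seed)
    attack_syn_per_s = attack_kbps * 1000.0 / 8.0 / SYN_BYTES
    stream = [(t, "legit") for t in poisson_arrivals(legit_syn_per_s, seconds, rng)]
    stream += [(t, "attack") for t in poisson_arrivals(attack_syn_per_s, seconds, rng)]
    stream.sort()
    bucket = TokenBucket(limit_kbps * 1000.0, BURST_BYTES)
    offered = {"legit": 0, "attack": 0}
    passed = {"legit": 0, "attack": 0}
    for t, kind in stream:
        offered[kind] += 1
        if bucket.conforms(t, SYN_BYTES):
            passed[kind] += 1
    return {k: (passed[k] / offered[k] if offered[k] else 1.0) for k in offered}


if __name__ == "__main__":
    # 128 kb/s SYN limit as in the quoted advice; the customer's real
    # load is 100 SYN/s (about 48 kb/s), well under the limit.
    for attack in (0, 128, 512):
        r = simulate(128, 100, attack)
        print(f"attack {attack:4d} kb/s: legit SYNs passed {r['legit']:.0%}, "
              f"attack SYNs passed {r['attack']:.0%}")
```

Once the bucket has drained, the share of the customer's own SYNs that survive is roughly limit / (legitimate + attack), the same share the attacker's packets get, because the policer cannot tell the two apart. An attacker therefore only has to offer bandwidth comparable to the limit itself to discard a large fraction of real connection attempts, while the limit keeps doing exactly what it was configured to do.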

