nanog mailing list archives

RE: Growing DoS attacks


From: "LeBlanc, Jason" <Jml () ebay com>
Date: Wed, 16 Jan 2002 15:37:47 -0800


Get in touch with these guys, ask about SLT Director:

Radware, Inc.
http://www.radware.com

Jason Harrison, Regional Sales Manager - Northern California
721 Emerson Court
San Jose, CA 95126
voice: 408.279.2310; fax: 408.279.2510

-----Original Message-----
From: Pascal Gloor [mailto:pascal.gloor () spale com]
Sent: Wednesday, January 16, 2002 3:13 PM
To: nanog () nanog org
Subject: Re: Growing DoS attacks




For years, IRC (users and/or servers) has been getting dDoS'ed... We also
see a growth of the dDoS attacks. For example on Undernet some servers get
attacked every day with 100+Mbps for a few minutes, and sometimes for long
long hours... Those attacks are usually coming from users - IRC Operators
conflicts, those users think they may ask anything to an OPER with the
power of a dDoS. We try to provide a free service, and all of us know how
hard it is to get a host with good connectivity for free and on the other
side we see those young 'script kiddies' playing around with hundreds of
compromised hosts like a game and they have no idea how much it costs to
all the flooded networks... Unlikely I have to say that most of these
'script kiddies' are from Romania. I don't know why it's so many times
coming from them....

If you run a well dDoS'ed IRC Server on your network I have a solution for
you... not the best one, but still technically working..

Get a /24 (be careful that there is no bigger network announced which would
include it!!! I mean like if you get 10.10.10/24, 10/8 would include it)

Get a box, and run Zebra BGPD, which will announce that /24 to your
network. Then do a script which monitors the traffic to the irc server, and
on a certain threshold, kill BGPD. Wait a certain time, like 15 minutes or
so, and restart BGPD. It would be nice to check the traffic every minute
and if 2 consecutive checks are positive kill bgpd. That means that you may
be able to STOP dDoS to irc servers within 2-3 minutes...

just my 0.00001 EUR

Cheers..
Pascal
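
The watchdog described in the quoted message, as an added example that is not part of the original post: a per-minute check that kills bgpd after two consecutive readings over the threshold and restarts it once the hold time has passed. The interface name, the threshold value, the Linux counter path and the bgpd stop/start commands are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: interface name,
# threshold value, and the commands that stop/start Zebra bgpd.
IFACE="${IFACE:-eth0}"                  # assumed: interface carrying the IRC server's traffic
THRESHOLD_MBPS="${THRESHOLD_MBPS:-80}"  # assumed trip point, in Mbit/s
HOLD_MINUTES="${HOLD_MINUTES:-15}"      # "15 minutes or so" with bgpd down
NEEDED_HITS=2                           # two consecutive positive checks
BGPD_STOP="${BGPD_STOP:-pkill -x bgpd}" # assumed stop command
BGPD_START="${BGPD_START:-bgpd -d}"     # assumed start command (daemon mode)

hits=0   # consecutive checks at or above the threshold
hold=0   # minutes left before the /24 is announced again

# step RATE_MBPS: advance one minute; sets ACTION to ok|hit|withdraw|hold|announce.
step() {
  if [ "$hold" -gt 0 ]; then
    # Route is withdrawn, so the counter says nothing about the attack: just count down.
    hold=$((hold - 1))
    if [ "$hold" -eq 0 ]; then hits=0; ACTION=announce; else ACTION=hold; fi
  elif [ "$1" -ge "$THRESHOLD_MBPS" ]; then
    hits=$((hits + 1))
    if [ "$hits" -ge "$NEEDED_HITS" ]; then hold=$HOLD_MINUTES; ACTION=withdraw; else ACTION=hit; fi
  else
    hits=0; ACTION=ok   # a quiet minute resets the streak
  fi
}

# simulate RATE...: replay per-minute samples through step, print the actions (dry run).
simulate() {
  out=""; hits=0; hold=0
  for r in "$@"; do step "$r"; out="$out${out:+ }$ACTION"; done
  echo "$out"
}

rx_bytes() { cat "/sys/class/net/$IFACE/statistics/rx_bytes"; }  # Linux counter

watch_loop() {
  prev=$(rx_bytes)
  while sleep 60; do
    now=$(rx_bytes)
    step $(( (now - prev) * 8 / 60 / 1000000 ))   # bytes per minute -> Mbit/s
    prev=$now
    case $ACTION in
      withdraw) $BGPD_STOP ;;    # bgpd dies, the /24 is withdrawn
      announce) $BGPD_START ;;   # hold time over, announce again
    esac
  done
}

# Only touch bgpd when called as "script run"; otherwise just define the functions.
if [ "${1:-}" = "run" ]; then watch_loop; fi
```

Sourcing the file and calling `simulate` with a list of per-minute Mbit/s values shows what the watchdog would do without touching bgpd.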


