nanog mailing list archives
Re: Effective ways to deal with DDoS attacks?
From: Hank Nussbacher <hank () att net il>
Date: Thu, 02 May 2002 20:07:31 +0200
At 12:23 PM 02-05-02 -0400, Richard A Steenbergen wrote:
Thats what the IP2 does, match bytes in the headers and come back with a thumbs down or a thumbs up and a destination interface. It's really not that much harder to match the bytes for a dest port against a compiled ruleset and decide yes or no then it is to match the dest address against a forwarding table and decide which nexthop.
Looking into the IP header is not enough. In order to filter DDOS packets one has to look into the payload as well. I don't think routers are suitable for that level of filtering (think advanced NBAR).
Hank Consultant Riverhead Networks (formerly Wanwall Networks) www.riverhead.com
They CAN filter on anything in the headers, it's just a matter of convincing them that the specific filter you want is something they should add to their software language and microcode. I'm sure as a core router vendor they must hear every feature request imaginable and not know which ones to follow up on. If anyone from Juniper is listening, I can tell you 4 things to add which will stop all existing packet kiddie tools in their tracks. But then again, I'd rather just have a language for bitmatching at any offset. :) -- Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Current thread:
- Re: Effective ways to deal with DDoS attacks?, (continued)
- Re: Effective ways to deal with DDoS attacks? Scott Francis (May 02)
- Re: Effective ways to deal with DDoS attacks? Iljitsch van Beijnum (May 02)
- Re: Effective ways to deal with DDoS attacks? Avleen Vig (May 02)
- Re: Effective ways to deal with DDoS attacks? Iljitsch van Beijnum (May 02)
- Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 02)
- Re: Effective ways to deal with DDoS attacks? Iljitsch van Beijnum (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 04)
- Re: Effective ways to deal with DDoS attacks? Avleen Vig (May 02)
- Re: Effective ways to deal with DDoS attacks? Kurt Erik Lindqvist (May 06)
- RE: Effective ways to deal with DDoS attacks? LeBlanc, Jason (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? Hank Nussbacher (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? E.B. Dreger (May 02)
- Re: Effective ways to deal with DDoS attacks? E.B. Dreger (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? Rubens Kuhl Jr. (May 03)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- RE: Effective ways to deal with DDoS attacks? Iljitsch van Beijnum (May 02)
- Re: Effective ways to deal with DDoS attacks? Mark Turpin (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? Iljitsch van Beijnum (May 02)