nanog mailing list archives
Re: Effective ways to deal with DDoS attacks?
From: Avleen Vig <lists-nanog () silverwraith com>
Date: Thu, 2 May 2002 08:45:00 +0100 (BST)
On Thu, 2 May 2002, Christopher L. Morrow wrote:
On Thu, 2 May 2002, Avleen Vig wrote:If you're being attacked by a SYN flood, you can ask try to rate-limit the flood at your border (possible on Cisco IOS 12.0 and higher, and probably other routers too?)Let me say this one more time... "RATE LIMITS DON'T DO SHIT TO STOP ATTACKS" for the victim atleast, all they do is make the job of the attacker that much easier. For instance: 1) I synflood www.avleen.org 2) you rate-limit syns to 1MB 3) I now only flood 1MB and I still win So, don't rely on a rate-limit as its not going to help.
Actually it's avleen.com :) But joking aside you make a valid point. I should have clarified my statement by saying that I was thinking of the whole network getting attacked rather than the single host. Yes, one host may be the target, but when your bandwidth is saturates, your entire network is effectively offline. I have seen some 'clever' handling of DoS / DDoS from the attackers front where they don't often like to waste bandwidth during an attack. If a 1Mb flood will take you offline, they won't bother using 100Mb. Maybe 2Mb but not 100Mb :) This can be a Good Thing(tm) if you're willing to temporarily let one host suffer so that the rest of your network can stay alive.
The only thing you can try and do is work with your upstream provider and try to trace the source of the attacks back, but that's incredibly difficult.This depends :) Call us, if you are our customer, and I guarantee that someone will be there to resolve your issue, most times in 5 minutes or less. Perhaps other ISP's should start having some folks on staff and available for these tasks????? (hint, Hint, HINT!!!)
I wish other ISPs would start doing this.
Current thread:
- Effective ways to deal with DDoS attacks? Pete Kruckenberg (May 01)
- Re: Effective ways to deal with DDoS attacks? dies (May 01)
- Re: Effective ways to deal with DDoS attacks? Avleen Vig (May 01)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 01)
- Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 01)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 01)
- Re: Effective ways to deal with DDoS attacks? Avleen Vig (May 02)
- Re: Effective ways to deal with DDoS attacks? Hank Nussbacher (May 02)
- Re: Effective ways to deal with DDoS attacks? Alexei Roudnev (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 02)
- Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 02)
- Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 01)
- Re: Effective ways to deal with DDoS attacks? Pete Kruckenberg (May 01)
- Re: Effective ways to deal with DDoS attacks? Sean Donelan (May 01)
- Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 01)
- Re: Effective ways to deal with DDoS attacks? Pete Kruckenberg (May 06)
- Re: Effective ways to deal with DDoS attacks? Ralph Doncaster (May 06)
- Re: Effective ways to deal with DDoS attacks? Pete Kruckenberg (May 01)