Vulnerability Development mailing list archives
Re: Automatic Retaliation contra DoS
From: sigipp () WELLA COM BR (sigipp () WELLA COM BR)
Date: Thu, 25 May 2000 13:09:00 -0300
Hi Mikael, you are right, closing the door could be creating a DoS attack against yourself. But the idea in throttling down during the attack (and only during the attack) is to let legal connections still get through (o.k. much slower), continue analyzing, and when the attack is over, open the door again. So it would be a type of DoS during the attack, but it doesn´t matter, if the source IP is spoofed or not, attack is attack. You only have to take care to not close the door completely and keep on checking. Indeed, i think, this method exactly helps against DoS attacks. It helps by keeping some communication capacity open for legal packets during such an attack. Let´s try an example: Assume you´re sending junk dns responses with spoofed IP of a major (or root) dns server. By throttling these down, there is an increasing possibility to get time-outs in legal requests. But in this case i think this is even better than getting all the junk along with legal responses. If a dns server is unreachable (in this case because of throttling down), then there are others. Goal is to keep some bandwidth open for making these dns requests (for example). Greetings Siegfried Gipp
Current thread:
- Re: Automatic Retaliation contra DoS Kang Fu (May 17)
- <Possible follow-ups>
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 18)
- Re: Automatic Retaliation contra DoS Mikael Olsson (May 25)
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 25)
- Re: Re: Automatic Retaliation contra DoS Felix von Leitner (May 29)
- Re: Automatic Retaliation contra DoS Daniel Roesen (May 29)
- Re: Automatic Retaliation contra DoS Peter C. Norton (May 29)
- Re: Re: Automatic Retaliation contra DoS Felix von Leitner (May 29)
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 29)