Security Basics mailing list archives
Re: Udp Flood
From: Tomas Wolf <tomas () skip cz>
Date: Fri, 14 Nov 2003 13:50:18 -0700
There are not many things one can do to "block" DoS that are bandwidth based. It needs to be "cut" before it gets on the wire to you -- that means ISP. If it is coming from several ISPs, then you need to work with all of them to ban these "bandwidth based" DoS. If I was the ISP, I would track down where the bandwidth comes from - because I don't want anybody to eat my 20Mbps for this purpose.
I presume that firewall(s) is (are) placed and configured to disallow reachability of the DNS from outside your network. That will keep DNS from wasting resources. Oh, and if an older firewall(s) is (are) used, make sure that IP masquerading is disabled (no spoofed IPs can get in from untrusted interface to trusted interface).
Good luck -- Tomas
Mauro Marazzi wrote:
I've tried and tested UDP Flood 2 Foundstone to simulate some attack suffered by my network. Is there any way to block a UDP flood directed to a Red Hat DNS Server? I could do it on my Cisco router, but I have already implemented some rate limits and I could not add any other line. If I drop the packet directly on the DNS server, will my bandwidth in any case be used on my POS interface, so reducing the available overall bandwidth? And last, why has any UDP flood I have received taken right of way over my legal traffic? An example: I have 75 Mbps, and the legitimate traffic is 70 Mbps. When a UDP flood of 20 Mbps (target 53) arrives, it takes 20 Mbps and not the remaining 5 Mbps. So my legitimate traffic will be decreased by 15 Mbps. Any reply will be appreciated. Regards, Mauro Marazzi
Current thread:
- Udp Flood Mauro Marazzi (Nov 05)
- Re: Udp Flood Tomas Wolf (Nov 16)
- <Possible follow-ups>
- Re: Udp Flood Fernando Gont (Nov 20)