Security Basics mailing list archives

Re: Udp Flood


From: Tomas Wolf <tomas () skip cz>
Date: Fri, 14 Nov 2003 13:50:18 -0700

There are not many things one can do to "block" DoS that are bandwidth based. It needs to be "cut" before it gets on the wire to you -- that means ISP. If it is coming from several ISPs, then you need to work with all of them to ban these "bandwidth based" DoS. If I was the ISP, I would track down where the bandwidth comes from - because I don't want anybody to eat my 20Mbps for these purposes.

I presume that firewall(s) is (are) placed and configured to disallow reachability of the DNS from outside your network. That will keep DNS from wasting resources. Oh, and if an older firewall(s) is (are) used, make sure that IP masquerading is disabled (no spoofed IPs can get in from untrusted interface to trusted interface).

Good luck -- Tomas

Mauro Marazzi wrote:


I've tried and tested UDP Flood 2 Foundstone to simulate some attack suffered by my network. Is there any way to block a UDP flood directed to a Red Hat DNS Server? I could do it on my Cisco router, but I have already implemented some rate limits and I could not add any other line. If I drop the packet directly on the DNS server, will my bandwidth in any case be used on my POS interface, so reducing the available overall bandwidth? And last, why has any UDP flood I have received taken right of way over my legal traffic? An example: I have 75 Mbps, and the legitimate traffic is 70 Mbps. When a UDP flood of 20 Mbps (target 53) arrives, it takes 20 Mbps and not the remaining 5 Mbps. So my legitimate traffic will be decreased by 15 Mbps.

Any reply will be appreciated.

Regards,
Mauro Marazzi


