Bugtraq mailing list archives
Re: DDOS Attack Mitigation
From: bet () RAHUL NET (Bennett Todd)
Date: Tue, 15 Feb 2000 19:12:48 -0500
2000-02-14-13:44:09 Julien Nadeau:
A solution would be for kernels to provide an option to keep a local IP lookup table which could be simply based on network interfaces; of course, given an stable implementation, this option enabled by default would take care of spoofing problems for admins who don't think much about what they're sending out -- i mean, they're big part of the problem.
Linux already has such an option; just go for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done and the routing logic will drop packets with forged source addrs. It's not on by default. Yet. I theorize that this will be an option, turned on by default, on most or all routers, before much longer. Kinda like how MTAs switched to disabling open relaying by default when the spammers got to be too much of a nuisance. -Bennett <HR NOSHADE> <UL> <LI>application/pgp-signature attachment: stored </UL>
Current thread:
- Re: DDOS Attack Mitigation, (continued)
- Re: DDOS Attack Mitigation Alan Brown (Feb 14)
- Re: DDOS Attack Mitigation Darren Reed (Feb 14)
- NetBSD Security Advisory 1999-012 Daniel Carosone (Feb 15)
- Re: DDOS Attack Mitigation Chris Cappuccio (Feb 15)
- Re: DDOS Attack Mitigation Carson Gaspar (Feb 15)
- Re: DDOS Attack Mitigation John Edwards (Feb 15)
- Re: DDOS Attack Mitigation Ryan Russell (Feb 16)
- Administrivia Elias Levy (Feb 16)
- Re: DDOS Attack Mitigation John Payne (Feb 14)
- Re: DDOS Attack Mitigation Julien Nadeau (Feb 14)
- Re: DDOS Attack Mitigation Bennett Todd (Feb 15)
- rp_filter? (was Re: DDOS Attack Mitigation) Julien Nadeau (Feb 18)
- Re: DDOS Attack Mitigation Homer Wilson Smith (Feb 14)
- Re: DDOS Attack Mitigation Andrzej Bialecki (Feb 14)
- Re: DDOS Attack Mitigation Darren Reed (Feb 14)
- "Association of Responsible Internet Providers"? David Nesting (Feb 15)
- Re: DDOS Attack Mitigation Andreas Busse (Feb 15)
- Re: Evil Cookies. Ari Gordon-Schlosberg (Feb 08)
- Re: Evil Cookies. Michael Bryan (Feb 08)
- Statistical Attack Against Virtual Banks Andre L. Dos Santos (Feb 08)
- Re: Statistical Attack Against Virtual Banks HC Security (Feb 08)