Firewall Wizards mailing list archives
Re: DDOS Countermeasures RFC
From: kstephe6 () csc com
Date: Mon, 29 Jan 2001 16:00:43 -0600
Advanced Countermeasures will come as the technology evolves. For now the basic game plan is to avoid the one network space problem that got MSN last week. Make sure the egress and ingress filtering is correctly configured. Design multiple ISP services for your sites so you are at least serving DNS and Web from multiple IP address spaces. Distribute your static DNS servers in different locations than your dynamic Web DNS (load balanced/high availability DNS Servers/web switches). They do not all need to be on the same IP address space. Also watch your intrusion systems and logs for pre-attack traffic. I have almost always found mini-attacks as the bad guys test their zombies before the massive attacks hit. Ken Stephens, CISSP Sr. Security Manager Computer Sciences Corp _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- DDOS Countermeasures RFC Karl Wolfgang (Jan 29)
- Re: DDOS Countermeasures RFC Marcus J. Ranum (Jan 29)
- Re: DDOS Countermeasures RFC Ryan Russell (Jan 30)
- Re: DDOS Countermeasures RFC Eric Vyncke (Jan 31)
- Re: DDOS Countermeasures RFC Ryan Russell (Jan 30)
- <Possible follow-ups>
- Re: DDOS Countermeasures RFC kstephe6 (Jan 29)
- RE: DDOS Countermeasures RFC Kalat, Andrew (ISS Atlanta) (Jan 30)
- RE: DDOS Countermeasures RFC Scott Vowels (Jan 31)
- Re: DDOS Countermeasures RFC jan (Jan 31)
- Re: DDOS Countermeasures RFC Marcus J. Ranum (Jan 29)