Security Incidents mailing list archives
Re: 1024 & DistributedDirector
From: Mike Lewinski <mike () ROCKYNET COM>
Date: Fri, 27 Oct 2000 08:12:46 -0600
I don't know that this is the place to discuss this, but... There seem to be so many of these idiots out there making so many
assumptions,
would it not be a Good Thing to sit down and thrash out a standard which
would
enable all the loadbalancers to get what they need (and no more) from clients without triggering alarm bells.
I agree completely. Abe initially asked if this was a DDoS tool, and perhaps he's right. I don't know what kind of caching these products do, but how hard is it going to be for some SK to figure out that they can send tons of forged packets to these things to create an amplification attack? If the kind of traffic we're seeing is the result of one client lookup, this could be a problem, for example, with forged packets from each addy in your class C, aimed at more than one load balancer. (and God Help Us All if the load balancers are assuming everyone is a well-behaved client who honors TTL information) Mike
Current thread:
- [no subject] Abe Getchell (Oct 27)
- [no subject] Mike Lewinski (Oct 27)
- [no subject] John Hall (Oct 28)
- Re: your mail Nick Phillips (Oct 28)
- Re: 1024 & DistributedDirector Mike Lewinski (Oct 28)
- Load Balancing Protocol (was Re: your mail) Crist Clark (Oct 31)
- Re: Load Balancing Protocol (was Re: your mail) Nick Phillips (Oct 31)
- QAZ hitting MS Pierre Vandevenne (Oct 28)
- [no subject] Mike Lewinski (Oct 27)
- Re: your mail jerm (Oct 28)