nanog mailing list archives

Re: [Re: Which Part(s) Failed in the recent DOS Attacks?]

From: Joe Shaw <jshaw () insync net>
Date: Wed, 9 Feb 2000 23:37:36 -0600 (CST)



On 9 Feb 2000, Toplez Razer wrote:

Joe,
Firewall-1 has the SynDefender and Cisco IOS 12.0 has TCP Intercept for
stopping TCP DOS.  Could these features stop massive TCP DOS attacks?


Both could possibly help, but when you're dealing with 800Mbps, which is
how much traffic was reported in the Yahoo DoS, filters don't matter.  The
problem is, you fill up the pipes and it doesn't matter that the router or
the firewall drops the packets because legitimate traffic can't get
through.  If the attacks were smaller directed attacks you'd have a better
chance of defending yourself, but with these new DDoS attacks it makes it
next to impossible unless you're a Tier1 or your Tier1 will actively
filter.  That's what makes them so devestating right now.

--
Joseph W. Shaw - jshaw () insync net
Computer Security Consultant and Programmer   
Free UNIX advocate - "I hack, therefore I am."

Current thread:

Re: [Re: Which Part(s) Failed in the recent DOS Attacks?] Toplez Razer (Feb 09)
- Re: [Re: Which Part(s) Failed in the recent DOS Attacks?] Richard Steenbergen (Feb 09)
- Re: [Re: Which Part(s) Failed in the recent DOS Attacks?] Joe Shaw (Feb 09)
  - Re: [Re: Which Part(s) Failed in the recent DOS Attacks?] Richard Steenbergen (Feb 10)