nanog mailing list archives
Re: [Re: Which Part(s) Failed in the recent DOS Attacks?]
From: Joe Shaw <jshaw () insync net>
Date: Wed, 9 Feb 2000 23:37:36 -0600 (CST)
On 9 Feb 2000, Toplez Razer wrote:
Joe, Firewall-1 has the SynDefender and Cisco IOS 12.0 has TCP Intercept for stopping TCP DOS. Could these features stop massive TCP DOS attacks?
Both could possibly help, but when you're dealing with 800Mbps, which is how much traffic was reported in the Yahoo DoS, filters don't matter. The problem is, you fill up the pipes and it doesn't matter that the router or the firewall drops the packets because legitimate traffic can't get through. If the attacks were smaller directed attacks you'd have a better chance of defending yourself, but with these new DDoS attacks it makes it next to impossible unless you're a Tier1 or your Tier1 will actively filter. That's what makes them so devestating right now. -- Joseph W. Shaw - jshaw () insync net Computer Security Consultant and Programmer Free UNIX advocate - "I hack, therefore I am."
Current thread:
- Re: [Re: Which Part(s) Failed in the recent DOS Attacks?] Toplez Razer (Feb 09)
- Re: [Re: Which Part(s) Failed in the recent DOS Attacks?] Richard Steenbergen (Feb 09)
- Re: [Re: Which Part(s) Failed in the recent DOS Attacks?] Joe Shaw (Feb 09)
- Re: [Re: Which Part(s) Failed in the recent DOS Attacks?] Richard Steenbergen (Feb 10)