Re: Proactive steps to prevent DDOS?

["Richard A. Steenbergen" <ras () e-gerbil net>]

On Fri, Jan 26, 2001 at 11:54:11PM -0500, Valdis.Kletnieks () vt edu wrote:
> On Fri, 26 Jan 2001 16:40:04 PST, Sean Donelan said:
> > Most are suggestions for what other networks can do to prevent them from
> > being a source of a DDOS attack.   There is less help for what the target
> > of a DDOS can do.
>
> Unfortunately, the current draft document for the Center for Internet Security
> (www.cisecurity.org) Solaris security checklist suffers from the same problem.
> It mandates RFC2644 broadcasts, RFC1918 martian and RFC2827 egress filtering,
> but I couldn't find any stuff on the victim end of it.
>
> If anybody can provide me with a good reference, I'll be happy to add
> it and give credit.  http://www.sans.org/dosstep/index.htm is what I
> have currently on filtering.  If you have a *partial* reference
> (something that will work for *many* or *most* sites, for example), I
> am able to phrase it as "Evaluate the techniques listed at <URL> for
> appropriateness".
>
> Anybody got input to add?

After much nagging^H^H^H^H^H^H^Hrequests, I put some concepts about DoS
down in writing.

http://www.e-gerbil.net/ras/dos.txt

Maybe it'll be useful.

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)