nanog mailing list archives

Re: Proactive steps to prevent DDOS?

From: Hank Nussbacher <hank () att net il>
Date: Mon, 29 Jan 2001 09:27:26 +0200


At 12:52 27/01/01 -0500, Jeff Ogden wrote:

At 4:15 PM -0800 1/26/01, Sean Donelan wrote:
Fine, does this work better for you?

Help me, what proactive steps can I take to protect my network from a DDOS?

There isn't a lot that can be done, but there are a few steps you can taketo "get ready" for a DDOS attack.


  --Make sure you have monitoring of your routers or firewalls in place
    so you'll get an early alert of a possible DOS attack. This will at
    least allow you to start working on the problem (and drafting
    press releases :-).
  --Talk to all of your up stream providers so you know how to contact and
    work with them if they are a source of a DOS attack against you. If your
    up stream provider isn't willing to work with you on this, start the
    process of getting a new up stream provider.

  --Look into the systems that are being developed and starting to become
    available that help automate the work to diagnose DDOS attacks.
    Encourage your up streams to do the same.


I know of just Asta Networks:
Asta Networks claims cure for denial-of-service attacks, Jan 17, 2001
http://www.nwfusion.com/news/2001/0117ddos.html
Firm eyes DOS attacks, Jan 22, 2001
http://www.nwfusion.com/archive/2001/115979_01-22-2001.html

Can you elaborate on others you may know?

-Hank

  --Make sure you have in place the filtering on your own networks that you
    wish everyone else had in place on their networks.  This won't protect
    you from being attacked, but it will prevent you and your users from
    attacking others (or at least using spoofed IP addresses to do so), and
    that in turn may prevent you from being the target of a retaliatory DOS
    attack. It can also prevent or limit the spread of a DOS attack that
    originates within your network or from someone down stream. From your
    customer's point of view there may not be much difference between
    you being the source of or the target of a DOS attack--either way
    performance is likely to be poor and customers are likely to be unhappy.

  -Jeff Ogden
   Merit

Current thread:

Re: Proactive steps to prevent DDOS?, (continued)
- Re: Proactive steps to prevent DDOS? Adam Rothschild (Feb 24)
  - Re: Proactive steps to prevent DDOS? Alex Pilosov (Feb 24)
    - Re: Proactive steps to prevent DDOS? Adam Rothschild (Feb 24)
- Re: Proactive steps to prevent DDOS? Sean Donelan (Feb 24)
  - Re: Proactive steps to prevent DDOS? John Hawkinson (Feb 24)
  - Re: Proactive steps to prevent DDOS? jamie rishaw (Feb 24)
- Re: Proactive steps to prevent DDOS? Sean Donelan (Feb 24)
  - Re: Proactive steps to prevent DDOS? Elizabeth Schwartz (Feb 24)
  - Re: Proactive steps to prevent DDOS? Jeff Ogden (Feb 24)
    - Re: Proactive steps to prevent DDOS? Dave Curado (Feb 24)
    - Re: Proactive steps to prevent DDOS? Hank Nussbacher (Feb 24)
    - Re: Proactive steps to prevent DDOS? Jeff Ogden (Feb 24)
    - Re: Proactive steps to prevent DDOS? David Harmelin (Feb 24)
    - Re: Proactive steps to prevent DDOS? Adam Rothschild (Feb 24)
    - Re: Proactive steps to prevent DDOS? Adrian Chadd (Feb 24)
- Re: Proactive steps to prevent DDOS? Sean Donelan (Feb 24)
  - Re: Proactive steps to prevent DDOS? Valdis . Kletnieks (Feb 24)
    - RE: Proactive steps to prevent DDOS? Chin Wey Jake (Feb 24)
- Re: Proactive steps to prevent DDOS? Richard A. Steenbergen (Feb 24)
- Re: FW: Proactive steps to prevent DDOS? Jeffrey Meltzer (Feb 24)
- Re: Proactive steps to prevent DDOS? Jason Legate (Feb 24)

(Thread continues...)