Re: engineering --> ddos and flooding

["Geoff Z" <geoffz () mts net>]

Steven Bellovin has been doing considerable and valuable work on a method
called pushback.  You can find a paper on this here:

http://www.research.att.com/~smb/papers/pushback-impl.pdf

He is a listmember here and one of the real luminaries on IP security
issues.

Best regards,

====================
Geoff Zinderdine
CCNP CCA MCP
MTS Communications Inc.
====================
"I'd rather route than switch."


----- Original Message -----
From: "Andrew Dorsett" <zerocool () netpath net>
To: <nanog () merit edu>
Sent: Thursday, May 31, 2001 4:59 PM
Subject: engineering --> ddos and flooding


> Hey, this is a technical question for all of the Network
> Engineers/Architects on the list.  Has a method been found to stop an
> incoming attack?  Granted you can filter the packets to null on the
router,
> but that doesn't stop them from coming across the wire and into the
> router.  Has a way been devised to stop them from coming into the router;
> via something like a BGP update to null the packets or what?  I'm
concerned
> about a flood that is so massive coming from the core and flooding a small
> T1 or less.
>
> Thanks,
> Andrew
> ---
> <zerocool () netpath net>
> http://www.andrewsworld.net/
> ICQ: 2895251
> Cisco Certified Network Associate
> Development Assistant: Netpath/Stratonet, Inc.
>                         (http://www.netpath.net/)
>                         Email: dorsett () netpath net
>
> "Learn from the mistakes of others. You won't live long enough to make all
> of them yourself." -- Unknown
> "YEEEHA!!! What a CRASH!!!" -- Random System Administrator