Re: Echo

[Brad Knowles <brad.knowles () skynet be>]

At 11:36 PM +0200 2002/08/17, Brad Knowles wrote:

> >                                                         a very logical
> >   algorithm would be ``n source ip adresses per /16 per minute'' which
> >   would catch at least the badly distributed DDoS attacks and does not
> >   impose large processing overhead in cycles and memory, i think.
>
>         Assuming you're talking about the transmitting relay (which would
>  be difficult to fake), this would be some additional protection.

	Of course, it now occurs to me that there are plenty of providers 
which may not own the entire /16 that they are in, and therefore they 
could also get hurt by abuse being generated by near-by networks. 
Unfortunately, I'm not sure that there's too much you can do about 
this, because the consequences could be extremely severe.

>         Unless someone is trying to DoS your machine.  Heck, they could
>  just generate zillions of SYN packets with random source IP
>  addresses, and that could cause you some significant problems.

	OTOH, this doesn't really have anything particular to do with the 
service you'd be providing, and would not be any additional risk that 
you would not already be experiencing.

--
Brad Knowles, <brad.knowles () skynet be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)