nanog mailing list archives

Re: Effective ways to deal with DDoS attacks?


From: Richard A Steenbergen <ras () e-gerbil net>
Date: Thu, 2 May 2002 00:55:11 -0400


On Thu, May 02, 2002 at 04:28:44AM +0000, Christopher L. Morrow wrote:

> Let me say this one more time... "RATE LIMITS DON'T DO SHIT TO STOP
> ATTACKS" for the victim at least, all they do is make the job of the
> attacker that much easier.  For instance:
> 
> 1) I synflood www.avleen.org
> 2) you rate-limit syns to 1MB
> 3) I now only flood 1MB and I still win
> 
> So, don't rely on a rate-limit as it's not going to help.

Thank you, I can't make this point enough and people still say "we'll just
rate limit!". Filtering is only as good as your ability to DETERMINE WHAT
TO FILTER.

The only time you can get anything from this is when you admit defeat on 
keeping your services responding to new connections but want to keep 
existing connections and/or the end servers from failing completely. 
Depending on the service in question this may or may not be a good goal.

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
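The three cases argued above (flood with no limit, flood through a SYN rate limit, and the attacker backing off to exactly the limit) can be played out numerically. The following is an added example, not code from the thread or from either poster: a tick-based simulation of spoofed SYNs competing with real clients for a fixed-size SYN backlog, with an optional indiscriminate token-bucket limiter in front of the server. Every number in it is constructed for illustration (1024 backlog slots, 3 s half-open timeout, 100 ms handshake RTT, 200 real SYN/s, a 100k SYN/s flood, a 10k SYN/s limit); rates are in SYN/s rather than the "1MB" of the quoted text.

```python
"""Tick-based simulation of a SYN flood against a fixed-size SYN backlog, with an
optional indiscriminate SYN rate limit in front of the server.

Added example, not from the NANOG thread. All parameters are constructed.
"""
import random
from collections import deque


def simulate(attack_rate, legit_rate, rate_limit=None, backlog=1024,
             syn_timeout=3.0, handshake_rtt=0.1, duration=6.0, tick=0.001, seed=0):
    """Mix `attack_rate` spoofed SYN/s with `legit_rate` real SYN/s, pass them through
    an optional token-bucket limiter of `rate_limit` SYN/s, then into a backlog of
    `backlog` half-open slots. Spoofed entries never complete and sit for
    `syn_timeout`; real ones complete one `handshake_rtt` after admission.

    Returns a dict with
      legit_success       fraction of real SYNs (after warm-up) that got a backlog slot
      syn_rate_at_server  SYN/s that actually reached the server
    """
    rng = random.Random(seed)
    attack_pending = deque()   # expiry times of spoofed half-open entries
    legit_pending = deque()    # expiry times of real half-open entries
    carry_a = carry_l = 0.0    # fractional SYNs carried between ticks
    tokens = 0.0               # token bucket for the rate limiter
    burst = (rate_limit or 0) * tick * 10   # allow a burst of ten ticks' worth
    warmup = syn_timeout       # let the backlog reach steady state before counting
    legit_offered = legit_ok = reached_server = 0

    for step in range(int(duration / tick)):
        now = step * tick
        counting = now >= warmup
        # Each queue is FIFO with a constant lifetime, so only the head can expire.
        while attack_pending and attack_pending[0] <= now:
            attack_pending.popleft()
        while legit_pending and legit_pending[0] <= now:
            legit_pending.popleft()

        carry_a += attack_rate * tick
        carry_l += legit_rate * tick
        n_a, n_l = int(carry_a), int(carry_l)
        carry_a -= n_a
        carry_l -= n_l
        arrivals = [False] * n_a + [True] * n_l   # True = real client SYN
        rng.shuffle(arrivals)                     # interleave attack and real traffic

        if rate_limit is not None:
            tokens = min(tokens + rate_limit * tick, burst)

        for is_legit in arrivals:
            if is_legit and counting:
                legit_offered += 1
            if rate_limit is not None:            # the limiter cannot tell them apart
                if tokens < 1:
                    continue                      # dropped by the rate limit
                tokens -= 1
            if counting:
                reached_server += 1
            if len(attack_pending) + len(legit_pending) >= backlog:
                continue                          # backlog full: SYN dropped
            if is_legit:
                legit_pending.append(now + handshake_rtt)
                if counting:
                    legit_ok += 1
            else:
                attack_pending.append(now + syn_timeout)

    return {
        "legit_success": legit_ok / legit_offered if legit_offered else 0.0,
        "syn_rate_at_server": reached_server / (duration - warmup),
    }


def scenarios():
    """The three cases argued in the thread, plus a no-attack baseline."""
    legit = 200            # real clients: 200 SYN/s (constructed)
    return {
        "baseline, no attack": simulate(0, legit),
        "flood 100k/s, no limit": simulate(100_000, legit),
        "flood 100k/s, limit 10k/s": simulate(100_000, legit, rate_limit=10_000),
        "flood 10k/s (just the limit), limit 10k/s":
            simulate(10_000, legit, rate_limit=10_000),
    }


if __name__ == "__main__":
    for name, r in scenarios().items():
        print(f"{name:45s} legit success {r['legit_success']:6.1%}"
              f"  SYN/s at server {r['syn_rate_at_server']:9.0f}")
```

In all three flood cases the real clients' success rate stays near zero: the limiter drops real and spoofed SYNs in the same proportion, and whatever it lets through still fills the backlog, so the attacker who sends only the permitted rate loses nothing. What the limit does change is the last column, the packet rate hitting the server, which is the "keep the box from failing completely" outcome described above rather than a defence of the service.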

