Re: Effective ways to deal with DDoS attacks?

["Christopher L. Morrow" <chris () UU NET>]

On Wed, 1 May 2002, Pete Kruckenberg wrote:

> On Wed, 1 May 2002 measl () mfn org wrote:
>
> > and then again, there has been much discussion on simple
> > DoS attacks, where the term DDoS is erroneously used...
> > I am very much not trying to imply that this is the case
> > here, but it's important that the two be thoroughly
> > distinguished from each other - they are totally
> > different things to deal with.
>
> Sorry, I should have been more clear.
>
> My issue (currently)  is not being the target of the DDoS
> attack, but being a (unwilling) participant. People outside
> our network are launching DDoS attacks (distributed SYN
> floods) against destinations outside our network, using
> about 8,000 Web server hosts on our network as reflectors.

Funny, you say 'secured' here...

> These are not zombies. They are secured, uncompromised Web
> servers. The attack spoofs the target address as the source,
> and one of our machines as a destination, port 80. Getting
> everyone to implement defenses (SYN cookies) on their Web
> servers is nearly impossible (most don't even have a
> defense--printers and routers with Web interfaces).

and here you say: "printers and routers" Since when did they need to be
accessible off campus? Additionally, why does a router need a web
interface?? Printers are on the cusp, but they certainly don't need to be
accesible from out of your LAN.