nanog mailing list archives

Re: Effective ways to deal with DDoS attacks?


From: Richard A Steenbergen <ras () e-gerbil net>
Date: Thu, 2 May 2002 11:36:40 -0400


On Wed, May 01, 2002 at 11:56:07PM -0600, Pete Kruckenberg wrote:
> On Thu, 2 May 2002, Richard A Steenbergen wrote:
> 
> > You have an interesting situation. I think rate limiting
> > outbound RSTs would be the least offensive thing you
> > could do, off the top of my head.
> 
> What about just blocking out-going RSTs altogether from our borders?
> While this interferes with "proper" TCP functionality, would it actually
> interfere enough to cause noticeable problems? Would certainly be less
> of a burden on routers than rate-limiting.

If you really wanted to try, you could probably get away with it, but
you'll probably get complaints about broken behavior during "peacetime".

I'd still advise a rate limit, say something on the order of 512Kbps or
less depending on your pipe, on outbound TCP RSTs. If this makes your
routers fall over, you need new routers.

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
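The two options discussed in this message, written out as router configuration. This is an added example, not configuration posted by anyone in the thread, and it uses Cisco IOS committed access rate (CAR) syntax; the interface name Serial0/0, the access-list numbers 150 and 151, the 512 kbit/s figure from the reply above, and the burst sizes are all assumptions chosen for illustration and should be sized to the real border link.

```cisco
! --- Option A (what the reply recommends): rate-limit outbound TCP RSTs ---
! Match only TCP segments with the RST flag set; everything else is
! untouched by this policy.  ACL number is an assumption.
access-list 150 permit tcp any any rst
!
interface Serial0/0
 ! CAR on the egress side of the border link (interface name assumed).
 ! 512000 bps = the "512Kbps or less" suggested above; burst-normal and
 ! burst-max are in bytes and are assumed values.
 ! RSTs within the rate are forwarded; RSTs above it are dropped, so
 ! legitimate resets during "peacetime" still get through.
 rate-limit output access-group 150 512000 8000 16000 conform-action transmit exceed-action drop
!
! --- Option B (what the original poster asked about): block all outbound RSTs ---
! Same ACL, but as a hard deny on the interface.  This is the variant the
! reply warns will draw "broken behavior" complaints: hosts behind the
! border can no longer tell remote peers that a port is closed or that a
! connection has been aborted, so remote sides wait for timeouts instead.
access-list 151 deny   tcp any any rst
access-list 151 permit ip any any
!
interface Serial0/0
 ip access-group 151 out
```

A sizing note for Option A: a bare IPv4/TCP RST is 40 bytes of IP payload, so 512 kbit/s works out to roughly 1600 RSTs per second (512000 / 8 / 40) before the limiter starts dropping; during an attack that backscatters far more than that, the excess is shed at the border rather than on the link, while normal traffic never approaches the limit. Verify the interface counters with `show interfaces Serial0/0 rate-limit` after applying the policy.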

