Vulnerability Development mailing list archives

Re: Re: Automatic Retaliation contra DoS


From: leitner () VIM ORG (Felix von Leitner)
Date: Mon, 29 May 2000 16:28:32 +0200


Thus spake sigipp () WELLA COM BR (sigipp () WELLA COM BR):
> you are right, closing the door could be creating a DoS attack against yourself.
> But the idea in throttling down during the attack (and only during the attack)
> is to let legal connections still get through (o.k. much slower), continue
> analyzing, and when the attack is over, open the door again. So it would be a
> type of DoS during the attack, but it doesn't matter if the source IP is
> spoofed or not, attack is attack. You only have to take care to not close the
> door completely and keep on checking. Indeed, I think this method exactly helps
> against DoS attacks. It helps by keeping some communication capacity open for
> legal packets during such an attack.

What use can it possibly have to further penalize your own packets?

DDoS will saturate your Internet connection.
No matter what you do with the packets, if you are ignoring them or not,
your Internet connection will still be saturated.

> Assume you're sending junk dns responses with spoofed IP of a major (or root)
> dns server.

Install proper DNS software and this won't touch you.
I recommend http://cr.yp.to/dnscache.html.

> By throttling these down, there is an increasing possibility to get
> time-outs in legal requests. But in this case I think this is even
> better than getting all the junk along with legal responses.

Install proper software and the junk won't harm.
You are wasting your and our time here.

> If a dns server is unreachable (in this case because of throttling
> down), then there are others. Goal is to keep some bandwidth open for
> making these dns requests (for example).

Huh?!
If you selectively ignore incoming packets, that is _after_ they crossed
the wire, how do you keep bandwidth open with that?!

Felix
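Felix's point that well-written DNS software is not harmed by junk responses comes down to one check: a resolver only accepts a response that matches a query it actually has outstanding. The following is an added illustration, not code from the thread or from dnscache; it uses a constructed minimal DNS wire format (no compression pointers) and hypothetical helper names to show how unsolicited or spoofed responses are simply discarded.

```python
import struct

def encode_name(name):
    """Encode a dotted hostname into DNS wire label format."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(pkt, off):
    """Decode labels starting at off (no compression pointers); return (name, new_off)."""
    labels = []
    while True:
        n = pkt[off]
        off += 1
        if n == 0:
            break
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), off

def build_query(qid, qname, qtype=1):
    """Minimal DNS query: header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(qid, qname, qtype=1):
    """Constructed response header (QR, RD, RA set) echoing the question."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

class Resolver:
    """Hypothetical resolver core: remembers outstanding queries and
    accepts only responses that match one of them exactly."""
    def __init__(self):
        self.pending = {}  # (qid, qname, qtype, server_ip) -> True

    def send_query(self, qid, qname, server_ip, qtype=1):
        self.pending[(qid, qname.lower(), qtype, server_ip)] = True
        return build_query(qid, qname, qtype)

    def accept_response(self, pkt, src_ip):
        qid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", pkt[:12])
        if not flags & 0x8000 or qdcount != 1:
            return False  # not a response, or malformed question section
        qname, off = decode_name(pkt, 12)
        qtype, _ = struct.unpack("!HH", pkt[off:off + 4])
        key = (qid, qname.lower(), qtype, src_ip)
        if key not in self.pending:
            return False  # unsolicited: no matching outstanding query
        del self.pending[key]  # accept exactly one response per query
        return True
```

A response whose ID, question or source address does not match an outstanding query costs the resolver a table lookup and nothing more, which is why host-side throttling buys nothing against this traffic.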

