Vulnerability Development mailing list archives
Re: Re: Automatic Retaliation contra DoS
From: leitner () VIM ORG (Felix von Leitner)
Date: Mon, 29 May 2000 16:28:32 +0200
Thus spake sigipp () WELLA COM BR (sigipp () WELLA COM BR):
you are right, closing the door could be creating a DoS attack against yourself. But the idea in throttling down during the attack (and only during the attack) is to let legal connections still get through (o.k. much slower), continue analyzing, and when the attack is over, open the door again. So it would be a type of DoS during the attack, but it doesn´t matter, if the source IP is spoofed or not, attack is attack. You only have to take care to not close the door completely and keep on checking. Indeed, i think, this method exactly helps against DoS attacks. It helps by keeping some communication capacity open for legal packets during such an attack.
What use can it possibly have to further penalize your own packets? DDoS will saturate your Internet connection. No matter what you do with the packets, if you are ignoring them or not, your Internet connection will still be saturated.
Assume you´re sending junk dns responses with spoofed IP of a major (or root) dns server.
Install a proper DNS software and this won't touch you. I recommend http://cr.yp.to/dnscache.html.
By throttling these down, there is an increasing possibility to get time-outs in legal requests. But in this case i think this is even better than getting all the junk along with legal responses.
Install proper software and the junk won't harm. You are wasting your and our time here.
If a dns server is unreachable (in this case because of throttling down), then there are others. Goal is to keep some bandwidth open for making these dns requests (for example).
Huh?! If you selectively ignore incoming packets, that is _after_ they crossed the wire, how do you keep bandwidth open with that?! Felix
Current thread:
- Re: Automatic Retaliation contra DoS Kang Fu (May 17)
- <Possible follow-ups>
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 18)
- Re: Automatic Retaliation contra DoS Mikael Olsson (May 25)
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 25)
- Re: Re: Automatic Retaliation contra DoS Felix von Leitner (May 29)
- Re: Automatic Retaliation contra DoS Daniel Roesen (May 29)
- Re: Automatic Retaliation contra DoS Peter C. Norton (May 29)
- Re: Re: Automatic Retaliation contra DoS Felix von Leitner (May 29)
- Re: Automatic Retaliation contra DoS sigipp () WELLA COM BR (May 29)