Proactive steps to prevent DDOS?

Adam Rothschild asr at latency.net
Sat Jan 27 04:06:06 UTC 2001


On Fri, Jan 26, 2001 at 03:35:50PM -0800, Sean Donelan wrote:
> Is there some magic command I can put into my router to help protect
> my network from a DDOS [...]

Closest command I've found is "no ip routing" in IOS, or "delete
family inet [...]" in JunOS.

That aside, there's something very basic that few people seem to
realize -- if you have no route to a destination, you can't initiate a
DDoS attack against it.

What's to prevent high-visibility shell/IRC/web/etc servers (read:
DDoS targets) from announcing their netblocks to their upstreams, and
then withdrawing these announcements -- either manually, or
automagically, using scripts monitoring rate limiting and pkt/sec
thresholds, amongst other things -- when under attack?  Sure, that
would result in temporary loss of connectivity to said host, but
sometimes, that's the quickest way to stop a large attack.

This doesn't need to be a costly endeavor.  Zebra is perfectly stable
when receiving no routes, and announcing a couple of networks at the
most.  You'll find that lots of folks who have legacy class C (or B
even!)  and AS number assignments they're not currently using, dating
back to before ARIN charged for such things, are more than willing
to transfer/lend them to you when you ask politely.  Don't believe me?
Try it sometime.

-adam
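Editor's note: the following is an added illustration, not code from Adam or anyone else in the thread, of the "automagic" withdrawal he describes: watch an inbound packet counter, and when the rate crosses a pkt/sec threshold, pull the prefix's `network` statement from bgpd so upstreams stop carrying a route to the target. Everything here is assumed: the prefix and AS number are RFC documentation placeholders, the counter samples are constructed, the withdrawal is done through a Zebra/Quagga-style `vtysh` session, and the thresholds are invented. The parts a practitioner cares about beyond the post's description are the hysteresis (separate withdraw and restore thresholds) and a hold-down timer, since withdrawing and re-announcing the prefix every few seconds will get it flap-damped upstream and make the outage longer than the attack.

```python
"""Threshold-driven BGP announcement withdrawal (added example, not from the thread)."""
import subprocess
from typing import Callable, List, Optional, Tuple

# Constructed placeholders: RFC 5737 documentation prefix, RFC 5398 documentation ASN.
PREFIX = "192.0.2.0/24"
LOCAL_AS = 64496

WITHDRAW_PPS = 50_000   # inbound packets/sec at which we withdraw the announcement (assumed)
RESTORE_PPS = 5_000     # rate we must be below before re-announcing (hysteresis, assumed)
HOLD_DOWN_SEC = 600     # minimum time to stay withdrawn, so we don't flap the prefix (assumed)


def rate_from_counters(prev: int, cur: int, interval: float) -> Optional[float]:
    """Packets/sec from two readings of a monotonic interface counter.
    Returns None on a counter wrap/reset or a bad interval so a bogus sample cannot trigger action."""
    if interval <= 0 or cur < prev:
        return None
    return (cur - prev) / interval


def vtysh_commands(prefix: str, announce: bool) -> List[str]:
    """vtysh invocation that adds or removes the prefix from bgpd's 'network' statements.
    Assumes a Zebra/Quagga-style bgpd reachable through vtysh on this host."""
    verb = "network" if announce else "no network"
    return ["vtysh", "-c", "configure terminal",
            "-c", f"router bgp {LOCAL_AS}",
            "-c", f"{verb} {prefix}"]


def run_vtysh(argv: List[str]) -> None:
    subprocess.run(argv, check=True)


class AnnouncementController:
    """Decides when to withdraw and when to re-announce a prefix from observed packet rates."""

    def __init__(self, prefix: str, executor: Callable[[List[str]], None] = run_vtysh,
                 withdraw_pps: float = WITHDRAW_PPS, restore_pps: float = RESTORE_PPS,
                 hold_down: float = HOLD_DOWN_SEC) -> None:
        self.prefix = prefix
        self.executor = executor          # swapped for a recorder when testing offline
        self.withdraw_pps = withdraw_pps
        self.restore_pps = restore_pps
        self.hold_down = hold_down
        self.announced = True             # start out announcing the prefix normally
        self.withdrawn_at: Optional[float] = None

    def observe(self, pps: Optional[float], now: float) -> Optional[str]:
        """Feed one rate sample; returns 'withdraw', 'restore', or None if nothing changed."""
        if pps is None:
            return None
        if self.announced and pps >= self.withdraw_pps:
            self.executor(vtysh_commands(self.prefix, announce=False))
            self.announced = False
            self.withdrawn_at = now
            return "withdraw"
        if (not self.announced and pps <= self.restore_pps
                and now - self.withdrawn_at >= self.hold_down):
            self.executor(vtysh_commands(self.prefix, announce=True))
            self.announced = True
            self.withdrawn_at = None
            return "restore"
        return None


# Constructed sample: (seconds, cumulative inbound packet counter), as a poller might collect.
SAMPLES = [
    (0, 0),
    (10, 20_000),       # 2,000 pps: normal traffic
    (20, 40_000),       # 2,000 pps
    (30, 1_040_000),    # 100,000 pps: flood starts -> withdraw
    (40, 1_050_000),    # 1,000 pps: below restore threshold, but hold-down not elapsed
    (50, 1_050_000),    # 0 pps, still inside hold-down
    (650, 1_100_000),   # ~83 pps, 620 s after withdrawal -> restore
    (660, 1_050_000),   # counter went backwards (reset): sample ignored
]


def simulate(samples=SAMPLES) -> Tuple[List[Tuple[int, str]], List[List[str]]]:
    """Replay constructed counter samples through the controller with a recording executor."""
    issued: List[List[str]] = []
    ctl = AnnouncementController(PREFIX, executor=issued.append)
    actions: List[Tuple[int, str]] = []
    for (t_prev, c_prev), (t_cur, c_cur) in zip(samples, samples[1:]):
        pps = rate_from_counters(c_prev, c_cur, t_cur - t_prev)
        action = ctl.observe(pps, t_cur)
        if action:
            actions.append((t_cur, action))
    return actions, issued


if __name__ == "__main__":
    for t, action in simulate()[0]:
        print(f"t={t}s: {action} {PREFIX}")
```

In production the executor would be the real `run_vtysh` and the counter would come from the interface or a flow collector; the recording executor exists so the decision logic can be exercised without a router. Note that the restore check deliberately requires both a low rate and the elapsed hold-down, so a brief lull in the flood does not bring the prefix straight back.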
