Proactive steps to prevent DDOS?
Richard A. Steenbergen
ras at e-gerbil.net
Sat Jan 27 05:16:33 UTC 2001
On Fri, Jan 26, 2001 at 11:54:11PM -0500, Valdis.Kletnieks at vt.edu wrote:
>
> On Fri, 26 Jan 2001 16:40:04 PST, Sean Donelan said:
> > Most are suggestions for what other networks can do to prevent them from
> > being a source of a DDOS attack. There is less help for what the target
> > of a DDOS can do.
>
> Unfortunately, the current draft document for the Center for Internet Security
> (www.cisecurity.org) Solaris security checklist suffers from the same problem.
> It mandates RFC2644 broadcasts, RFC1918 martian and RFC2827 egress filtering,
> but I couldn't find any stuff on the victim end of it.
>
> If anybody can provide me with a good reference, I'll be happy to add
> it and give credit. http://www.sans.org/dosstep/index.htm is what I
> have currently on filtering. If you have a *partial* reference
> (something that will work for *many* or *most* sites, for example), I
> am able to phrase it as "Evaluate the techniques listed at <URL> for
> appropriateness".
>
> Anybody got input to add?
After much nagging^H^H^H^H^H^H^Hrequests, I put some concepts about DoS
down in writing.
http://www.e-gerbil.net/ras/dos.txt
Maybe it'll be useful.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
More information about the NANOG mailing list