Proactive steps to prevent DDOS?

Jason Legate jlegate at yahoo.com
Sun Jan 28 19:45:03 UTC 2001


> I would add careful use of some rate-limiting functionality,
> (already mentioned in Richard Steenbergen's
> http://www.e-gerbil.net/ras/dos.txt)
> so you can rate-limit things like icmp and acks numbered 0 and
> anything else that show themselves to be obvious candidates over time.

In actuality, in a TCP SYN packet, an ack of 0 is very
common.  If you view legitimate SYNs generated by
real stacks, you will see at dword offset 7:
0x00000000.

Last time I checked, this was a 0 for all intents and
purposes.  By rate-limiting acks of 0, you are
rate-limiting most syn packets, which I don't think is
the ultimate goal.

-j
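
The observation in the message above, as an added example that is not part of the original post: it reads the acknowledgment field of constructed IPv4/TCP headers and shows which packets a "rate-limit ack number 0" rule would match. It assumes "dword offset 7" is counted from zero at the start of a 20-byte IP header, and goes one step further by locating the field through IHL so that IP options do not shift the read; all addresses, ports and sequence numbers are constructed sample values.

```python
import struct

def build_ipv4_tcp(seq, ack, flags, ip_options=b""):
    """Build a constructed IPv4+TCP header pair (checksums left at 0)."""
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20,
                     0x1234, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, ack, 5 << 4, flags,
                      65535, 0, 0)
    return ip + ip_options + tcp

def dword_at(packet, index):
    """32-bit word at a fixed dword offset from the start of the IP header."""
    return struct.unpack_from("!I", packet, index * 4)[0]

def tcp_ack_field(packet):
    """Ack number located via IHL, so IP options do not shift the read."""
    ihl_bytes = (packet[0] & 0x0F) * 4
    if packet[9] != 6 or len(packet) < ihl_bytes + 20:
        raise ValueError("not a complete IPv4/TCP packet")
    return struct.unpack_from("!I", packet, ihl_bytes + 8)[0]

def matched_by_ack_zero_rule(packet):
    """Would a 'rate-limit ack number 0' rule apply to this packet?"""
    return tcp_ack_field(packet) == 0

SYN, ACK = 0x02, 0x10
# Constructed samples: an initial SYN, an established-flow ACK, and a SYN
# carrying 4 bytes of IP options (IHL = 6).
syn = build_ipv4_tcp(seq=0x1A2B3C4D, ack=0, flags=SYN)
est = build_ipv4_tcp(seq=0x1A2B3C4E, ack=0x55667788, flags=ACK)
syn_opts = build_ipv4_tcp(seq=0x0BADF00D, ack=0, flags=SYN,
                          ip_options=b"\x01\x01\x01\x00")

if __name__ == "__main__":
    for name, pkt in (("syn", syn), ("est", est), ("syn_opts", syn_opts)):
        print(name, hex(dword_at(pkt, 7)), matched_by_ack_zero_rule(pkt))
```

With IP options present, the fixed dword-7 read lands on the sequence number instead, which is why a filter keyed on a fixed offset and one keyed on the parsed ack field can disagree.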
