Proactive steps to prevent DDOS?
Jason Legate
jlegate at yahoo.com
Sun Jan 28 19:45:03 UTC 2001
> I would add careful use of some rate-limiting
> functionality,
> (already mentioned in Richard Steenbergen's
> http://www.e-gerbil.net/ras/dos.txt)
> so you can rate-limit things like icmp and acks
> numbered 0 and anything
> else that show themselves to be obvious candidates
> over time.
In actuality, in a TCP SYN packet, an ack of 0 is very
common. If you view legitimate SYNs generated by
real stacks, you will see at dword offset 7:
0x00000000.
Last time I checked, this was a 0 for all intents and
purposes. By rate-limiting acks of 0, you are
rate-limiting most SYN packets, which I don't think is
the ultimate goal.
-j
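
Added example, not part of the original message: a Python check of the point above that dword offset 7 of a plain SYN is the TCP acknowledgment number and is zero, so a match on "ack == 0" catches ordinary SYNs. The packets are constructed samples, and the narrower rule (ACK flag set and ack number 0) is an assumption for comparison, not something proposed in the thread.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits

def build_packet(flags, seq, ack):
    """Constructed IPv4+TCP packet: 20-byte IP header, no options, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def dword(pkt, index):
    """32-bit word at the given dword offset from the start of the IP header."""
    return struct.unpack_from("!I", pkt, index * 4)[0]

def tcp_ack_and_flags(pkt):
    """Locate the TCP header through IHL, so IP options do not shift the result."""
    ihl = (pkt[0] & 0x0F) * 4
    ack = struct.unpack_from("!I", pkt, ihl + 8)[0]
    return ack, pkt[ihl + 13]

def match_ack_number_zero(pkt):
    """The rule as quoted: acknowledgment number equals 0."""
    return tcp_ack_and_flags(pkt)[0] == 0

def match_ack_flag_and_zero(pkt):
    """Assumed narrower rule: ACK flag set AND acknowledgment number 0."""
    ack, flags = tcp_ack_and_flags(pkt)
    return bool(flags & ACK) and ack == 0

# Constructed sample traffic (addresses are documentation ranges)
SAMPLES = {
    "syn": build_packet(SYN, 0x1000, 0),
    "syn_ack": build_packet(SYN | ACK, 0x2000, 0x1001),
    "ack": build_packet(ACK, 0x1001, 0x2001),
    "ack_zero": build_packet(ACK, 0x1001, 0),
}

def classify(samples=SAMPLES):
    """Map each sample name to (quoted rule matched, narrower rule matched)."""
    return {name: (match_ack_number_zero(p), match_ack_flag_and_zero(p))
            for name, p in samples.items()}

if __name__ == "__main__":
    print("dword 7 of SYN: 0x%08x" % dword(SAMPLES["syn"], 7))
    for name, hits in classify().items():
        print(name, hits)
```
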
More information about the NANOG
mailing list