Proactive steps to prevent DDOS?

Hank Nussbacher hank at att.net.il
Mon Jan 29 07:27:26 UTC 2001 

At 12:52 27/01/01 -0500, Jeff Ogden wrote:

>>At 4:15 PM -0800 1/26/01, Sean Donelan wrote:
>>Fine, does this work better for you?
>>
>>Help me, what proactive steps can I take to protect my network from a DDOS?
>
>There isn't a lot that can be done, but there are a few steps you can take 
>to "get ready" for a DDOS attack.
>
>   --Make sure you have monitoring of your routers or firewalls in place
>     so you'll get an early alert of a possible DOS attack. This will at
>     least allow you to start working on the problem (and drafting
>     press releases :-).
>   --Talk to all of your up stream providers so you know how to contact and
>     work with them if they are a source of a DOS attack against you. If your
>     up stream provider isn't willing to work with you on this, start the
>     process of getting a new up stream provider.
>
>   --Look into the systems that are being developed and starting to become
>     available that help automate the work to diagnose DDOS attacks.
>     Encourage your up streams to do the same.

I know of just Asta Networks:
Asta Networks claims cure for denial-of-service attacks, Jan 17, 2001
http://www.nwfusion.com/news/2001/0117ddos.html
Firm eyes DOS attacks, Jan 22, 2001
http://www.nwfusion.com/archive/2001/115979_01-22-2001.html

Can you elaborate on others you may know?

-Hank


>   --Make sure you have in place the filtering on your own networks that you
>     wish everyone else had in place on their networks.  This won't protect
>     you from being attacked, but it will prevent you and your users from
>     attacking others (or at least using spoofed IP addresses to do so), and
>     that in turn may prevent you from being the target of a retaliatory DOS
>     attack. It can also prevent or limit the spread of a DOS attack that
>     originates within your network or from someone down stream. From your
>     customer's point of view there may not be much difference between
>     you being the source of or the target of a DOS attack--either way
>     performance is likely to be poor and customers are likely to be unhappy.
>
>   -Jeff Ogden
>    Merit

More information about the NANOG mailing list