DDOS anecdotes
Daniel Senie
dts at senie.com
Sat Jun 23 19:13:34 UTC 2001
At 02:37 PM 6/23/01, Tim Wilde wrote:
> > This is a real problem. It's not FUD. Microsofts choice to include full
> > IP stack capabilities will make the problem worse, but I do not blame
> > their IP stack for this like Mr Gibson does though.
>
>Oh, it's most certainly a real problem, but I don't agree that the changes
>in Win XP will really make any difference whatsoever. With some very
>trivial driver additions, raw sockets can be accessed under any previous
>version of Windows, just like in XP.
Indeed, there have been LAN analyzers which run on all variants of Windows
for a very long time. These can generate / play back traffic, using
whatever source IP addresses and MAC addresses were on the original
packets. Obviously, a general spoofing tool for Win95 could be written.
After reading that part of the tirade, I came to the same conclusion as a
previous poster... lots of FUD, and not much more.
It's been 5 years since the document now published as RFC 2827 was first a
draft. Many sites do ingress or egress filtering. Many don't. Most router
equipment can now handle it, according to the manufacturers. Yes, there are
issues dealing with multi-homing. However, it appears many attacks still
originate from single homed sites, dialup sites, cable modem attached
systems, and the like. In most cases, these could be filtered. Has anyone
at any of the cable modem vendors made any attempts to try ingress
filtering in the cable system head-end routers? Did it work? Need help
trying it out? While Ingress filtering will not cure the world, it can help
de-fang many attacks. Unfortunately, it requires cooperation to be effective.
-----------------------------------------------------------------
Daniel Senie dts at senie.com
Amaranth Networks Inc. http://www.amaranth.com
More information about the NANOG
mailing list