DDOS anecdotes

• Previous message (by thread): anti-spoofing filters
• Next message (by thread): DDOS anecdotes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----Original Message-----
From: woods at weird.com [mailto:woods at weird.com]
Sent: Saturday, June 23, 2001 3:56 PM
To: nanog at merit.edu
Subject: RE: DDOS anecdotes



[ On Saturday, June 23, 2001 at 20:04:06 (+0200), Mikael Abrahamsson wrote:
]
> Subject: RE: DDOS anecdotes
>
> This is a real problem. It's not FUD. Microsofts choice to include full
> IP stack capabilities will make the problem worse, but I do not blame
> their IP stack for this like Mr Gibson does though.

>No, their stack's not the root of the problem -- all the rest of their
>OS is (and of course in particular the security model, or lack thereof).


FYI beware of service pack 2.  It sets the DF bit so packets cannot
fragment.  Particularily offensive if your server is on the other side of a
tunnel (due to the overhead).  The solution is to reduce the MTU on the box.
Or use a different OS :)



							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20010623/841de41b/attachment.html>

• Previous message (by thread): anti-spoofing filters
• Next message (by thread): DDOS anecdotes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]