Effective ways to deal with DDoS attacks?

Richard A Steenbergen ras at e-gerbil.net
Thu May 2 15:36:40 UTC 2002


On Wed, May 01, 2002 at 11:56:07PM -0600, Pete Kruckenberg wrote:
> 
> On Thu, 2 May 2002, Richard A Steenbergen wrote:
> 
> > You have an interesting situation. I think rate limiting
> > outbound RSTs would be the least offensive thing you
> > could do, off the top of my head.
> 
> What about just blocking out-going RSTs altogether from our borders?
> While this interferes with "proper" TCP functionality, would it actually
> interfere enough to cause noticeable problems? Would certainly be less
> of a burden on routers than rate-limiting.

If you really wanted to try you could probably get away with it, but 
you'll probably get complaints about broken behavior during "peacetime".

I'd still advise a rate limit, say something on the order of 512Kbps or
less depending on your pipe, and outbound TCP RST. If this makes your
routers fall over, you need new routers.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
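
The trade-off discussed in this thread, as an added example that is not part of the original messages: a token-bucket policer at the 512Kbps figure suggested above, compared with blocking outbound RSTs outright. The 40-byte RST size, the 64,000-bit burst depth, and the 50 and 20,000 RST/s loads are constructed assumptions for illustration.

```python
from dataclasses import dataclass

RST_BITS = 40 * 8  # assumed: bare 20-byte IP + 20-byte TCP header, no options


@dataclass
class Policer:
    """Token-bucket policer: conforming packets are sent, excess is dropped."""
    rate_bps: int      # committed rate in bits per second
    burst_bits: int    # bucket depth in bits (assumed value, not from the thread)
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst_bits)  # start with a full bucket

    def allow(self, now: float, size_bits: int = RST_BITS) -> bool:
        # Refill for the elapsed time, capped at the bucket depth.
        elapsed = now - self.last
        self.tokens = min(self.burst_bits, self.tokens + elapsed * self.rate_bps)
        self.last = now
        if self.tokens >= size_bits:
            self.tokens -= size_bits
            return True
        return False


def simulate(rst_per_sec: int, seconds: int, policer=None) -> int:
    """Count evenly spaced outbound RSTs that leave the border.
    policer=None models the 'block all outbound RSTs' alternative."""
    if policer is None:
        return 0
    total = rst_per_sec * seconds
    return sum(policer.allow(i / rst_per_sec) for i in range(total))


def compare(rst_per_sec: int, seconds: int = 5) -> dict:
    """Run the same constructed load through both policies."""
    limited = simulate(rst_per_sec, seconds, Policer(512_000, 64_000))
    return {"offered": rst_per_sec * seconds,
            "rate_limited": limited,
            "blocked": simulate(rst_per_sec, seconds, None)}


if __name__ == "__main__":
    print("peacetime:", compare(50))       # constructed load: 50 RST/s
    print("flood:    ", compare(20_000))   # constructed load: 20,000 RST/s
```

At the constructed peacetime load every RST still gets out under the policer, while under the flood load the output is held to roughly 1,600 RSTs per second (512,000 / 320 bits).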


