Effective ways to deal with DDoS attacks?

Christopher L. Morrow chris at UU.NET
Thu May 2 16:08:47 UTC 2002




On Thu, 2 May 2002, Hank Nussbacher wrote:

>
> At 01:49 AM 02-05-02 +0100, Avleen Vig wrote:
>
> >As time goes by, tools are being developed (in fact they're used now) that
> >completely randomize the TCP or UDP ports attacked, or use a variety of
> >icmp types in the attack.
> >So currently the only way you can 'block' such attacks is to block all
> >packets for the offending protocol as far upstream as you possibly can,
> >but this is not ideal.
> >
> >If you're being attacked by a SYN flood, you can ask try to rate-limit the
> >flood at your border (possible on Cisco IOS 12.0 and higher, and probably
> >other routers too?)
>
> ACLs have been a good tool for the past number of years to stop DOS attacks
> but they suffer one very bad feature - they throw away the good packets
> along with the bad packets.  The same goes for CAR.  The same goes for
> taking a /32 and null routing it.  Consider Amazon being hit with a DDOS
> attack from random spoofed IPs to their web site.  You can't block on
> source IP since it is random.  If you block on destination IP - you end up
> taking Amazon off the network (the ultimate aim of the attacker) at a daily
> revenue loss of over $1M.

So, just filter and track quickly... move the block as far back as you
can. Have the customer remain agile also. :)
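
The trade-off raised in the quoted text (a rate limit keyed on the destination drops good packets along with bad ones when the sources are random), as an added example that is not part of the original thread. The traffic is constructed, and the packet rates, policer rate and burst size are assumed values chosen only to make the effect visible.

```python
import random

def police(packets, rate_pps, burst):
    """Token-bucket policer keyed on destination only, since spoofed
    sources give nothing else to match on.
    packets: time-sorted list of (timestamp, is_legit)."""
    tokens, last, passed = float(burst), 0.0, []
    for ts, is_legit in packets:
        # Refill for the time elapsed since the previous packet.
        tokens = min(burst, tokens + (ts - last) * rate_pps)
        last = ts
        if tokens >= 1.0:          # conforming packet: forward it
            tokens -= 1.0
            passed.append((ts, is_legit))
        # otherwise the packet exceeds the rate and is dropped
    return passed

def make_traffic(legit_pps, attack_pps, seconds, seed=1):
    """Constructed sample traffic: arrival times are uniform at random."""
    rng = random.Random(seed)
    pkts = [(rng.uniform(0, seconds), True)
            for _ in range(legit_pps * seconds)]
    pkts += [(rng.uniform(0, seconds), False)
             for _ in range(attack_pps * seconds)]
    pkts.sort()
    return pkts

def legit_delivery_ratio(legit_pps, attack_pps, rate_pps, burst, seconds=10):
    """Fraction of legitimate packets that survive the policer."""
    pkts = make_traffic(legit_pps, attack_pps, seconds)
    passed = police(pkts, rate_pps, burst)
    sent = sum(1 for _, legit in pkts if legit)
    delivered = sum(1 for _, legit in passed if legit)
    return delivered / sent

if __name__ == "__main__":
    # Assumed numbers: 100 pps of real SYNs, policer at 1000 pps, burst 100.
    quiet = legit_delivery_ratio(100, 0, 1000, 100)
    flood = legit_delivery_ratio(100, 9900, 1000, 100)
    print(f"no attack:       {quiet:.0%} of legitimate packets delivered")
    print(f"9900 pps flood:  {flood:.0%} of legitimate packets delivered")
```

The policer cannot tell the two classes apart, so legitimate traffic survives only in proportion to its share of the offered load.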