Effective ways to deal with DDoS attacks?
E.B. Dreger
eddy+public+spam at noc.everquick.net
Fri May 3 02:35:53 UTC 2002
RAS> Date: Thu, 2 May 2002 12:23:01 -0400
RAS> From: Richard A Steenbergen
RAS> They CAN filter on anything in the headers, it's just a matter of
RAS> convincing them that the specific filter you want is something they should
RAS> add to their software language and microcode. I'm sure as a core router
RAS> vendor they must hear every feature request imaginable and not know which
RAS> ones to follow up on. If anyone from Juniper is listening, I can tell you
RAS> 4 things to add which will stop all existing packet kiddie tools in their
RAS> tracks. But then again, I'd rather just have a language for bitmatching at
RAS> any offset. :)
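And it wouldn't be that hard to have something to compile
rulesets into simple assembly, either:

    movb 0x12(%ecx),%al     # load the byte at offset 0x12 from the packet base
    andb $0x34,%al          # keep only the bits under test
    xorb $0x14,%al          # zero iff the masked bits equal 0x14
    jz some_destination     # taken on a match
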
Oversimplified, yes. But mask-then-test is one of the simpler
apps to write. s/x86/chipofchoice/ and have fun.
Juniper being based on FreeBSD/x86, perhaps some kernel hooks
might be in order for those who wish to write their own code.
--
Eddy
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
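
An added example, not part of the original post and not any vendor's code: the mask-then-test rule from the message, once interpreted with a bounds check and once compiled to the same four-instruction sequence. The names bitrule, rule_is_valid, ruleset_match and rule_emit_x86 are hypothetical, and %ecx as the packet base is an assumption carried over from the snippet above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One rule (hypothetical layout): match when (pkt[offset] & mask) == value. */
struct bitrule { size_t offset; uint8_t mask, value; };

/* A value with bits outside the mask can never match; reject it early. */
int rule_is_valid(const struct bitrule *r)
{
    return (r->value & (uint8_t)~r->mask) == 0;
}

/* Interpreted form. An offset past the packet end is a non-match, not a read. */
int ruleset_match(const struct bitrule *rules, size_t n,
                  const uint8_t *pkt, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (rules[i].offset >= len ||
            (pkt[rules[i].offset] & rules[i].mask) != rules[i].value)
            return 0;
    return 1;
}

/* Compiled form: emit the four instructions for one rule, assuming %ecx holds
 * the packet base and the length was already checked.
 * Returns characters written, or -1 for an invalid rule or short buffer. */
int rule_emit_x86(const struct bitrule *r, const char *label,
                  char *out, size_t outlen)
{
    if (!rule_is_valid(r))
        return -1;
    int n = snprintf(out, outlen,
                     "movb 0x%zx(%%ecx),%%al\nandb $0x%02x,%%al\n"
                     "xorb $0x%02x,%%al\njz %s\n",
                     r->offset, (unsigned)r->mask, (unsigned)r->value, label);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    struct bitrule r = { 0x12, 0x34, 0x14 };  /* values from the post */
    uint8_t pkt[20] = { 0 };                  /* constructed sample packet */
    char text[128];
    pkt[0x12] = 0x5c;                         /* 0x5c & 0x34 == 0x14 */
    if (rule_emit_x86(&r, "some_destination", text, sizeof text) > 0)
        fputs(text, stdout);
    printf("match: %d\n", ruleset_match(&r, 1, pkt, sizeof pkt));
    return 0;
}
```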