DNS issues various

David G. Andersen dga at lcs.mit.edu
Thu Oct 24 20:30:20 UTC 2002


On Thu, Oct 24, 2002 at 04:07:18PM -0400, Richard A Steenbergen mooed:
> 
> We're still working on the distributed attacks, but eventually we'll come 
> up with something just as effective. If it was as easy to scan for 
> networks who don't spoof filter as it is to scan for networks with open 
> broadcasts, I think we'd have had that problem licked too.

  Are you sure? 

*  A smurf attack hurts the open broadcast network as much (or more) 
   than it does the victim.  A DDoS attack from a large number
   of sites need not be all that harmful to any one traffic source.

*  'no ip directed broadcast', which is becoming the default behavior
   for many routers and end-systems,
              vs.
   'access-list 150 deny  ip ... any'
   'access-list 150 deny  ip ... any'
   ...
   'access-list 150 permit ip any any'

   (ignoring rpf, which doesn't work for everyone).

Until the default behavior of most systems is to block spoofed packets,
it's going to remain a problem.

  -Dave, whose glass is half-empty this week. :)

-- 
work: dga at lcs.mit.edu                          me:  dga at pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
      I do not accept unsolicited commercial email.  Do not spam me.
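The second bullet above contrasts a one-line default (`no ip directed broadcast`) with a hand-maintained access list of deny entries. The fragment below is an added illustration, not part of Dave's post or of any NANOG-published configuration: it shows what that access-list approach looks like when written out on a Cisco IOS edge router, next to the directed-broadcast setting and the unicast RPF alternative the post sets aside. All prefixes (RFC 5737 documentation space 192.0.2.0/24 and 198.51.100.0/24), interface names and access-list numbers are constructed for the example.

```cisco
! Added example (not from the post). Assumptions, all constructed:
!   - the customer behind Gi0/1 owns 192.0.2.0/24
!   - our own aggregate is 198.51.100.0/24
!   - Gi0/0 faces the upstream; interface names are hypothetical
!
! CEF is required for unicast RPF (step 4).
ip cef
!
! 1. Customer-facing ingress ACL: permit only sources the customer owns,
!    drop and log everything else. First match wins, so order matters.
access-list 150 permit ip 192.0.2.0 0.0.0.255 any
access-list 150 deny   ip any any log
!
! 2. Upstream-facing ingress ACL, the "deny ... deny ... permit ip any any"
!    shape from the post. Nothing arriving from the Internet should carry a
!    private, loopback, or our own address as its source.
access-list 151 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 151 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 151 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 151 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 151 deny   ip 198.51.100.0 0.0.0.255 any log
access-list 151 permit ip any any
!
! 3. Apply the lists inbound and disable directed broadcasts on both edges.
!    'no ip directed-broadcast' is the IOS default since 12.0, which is the
!    "becoming the default" point the post makes; the ACLs are not.
interface GigabitEthernet0/1
 description Customer edge - spoofed sources dropped by ACL 150
 ip access-group 150 in
 no ip directed-broadcast
!
interface GigabitEthernet0/0
 description Upstream transit - bogon and own-prefix sources dropped by ACL 151
 ip access-group 151 in
 no ip directed-broadcast
!
! 4. Alternative for the customer edge: strict unicast RPF performs the same
!    source check as ACL 150 using the routing table, so there is no
!    per-customer list to keep current. It only works where routing is
!    symmetric (single-homed customer), which is the post's "doesn't work for
!    everyone" caveat.
interface GigabitEthernet0/1
 ip verify unicast reverse-path
```

The `log` keyword on the deny lines is what turns the filter into a detection source: a steady stream of log hits on ACL 150 from one customer port, or on ACL 151 for our own prefix arriving from upstream, is the signal that someone is sourcing spoofed traffic through that edge.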
