Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [Re: Which Part(s) Failed in the recent DOS Attacks?]

  • From: Richard Steenbergen
  • Date: Thu Feb 10 16:07:51 2000

On Wed, Feb 09, 2000 at 11:37:36PM -0600, Joe Shaw wrote:
> 
> 
> On 9 Feb 2000, Toplez Razer wrote:
> 
> > Joe,
> > Firewall-1 has the SynDefender and Cisco IOS 12.0 has TCP Intercept for
> > stopping TCP DOS.  Could these features stop massive TCP DOS attacks?
> 
> Both could possibly help, but when you're dealing with 800Mbps, which is
> how much traffic was reported in the Yahoo DoS, filters don't matter.  The
> problem is, you fill up the pipes and it doesn't matter that the router or
> the firewall drops the packets because legitimate traffic can't get
> through.  If the attacks were smaller directed attacks you'd have a better
> chance of defending yourself, but with these new DDoS attacks it makes it
> next to impossible unless you're a Tier1 or your Tier1 will actively
> filter.  That's what makes them so devestating right now.

GlobalCenter has that kind of pipe, if you can filter out the bad traffic
from the good. With smurfs its easy, icmp echo-reply is not a "necessary"
packet type. With SYN/ACK floods its not so easy. But then again the day I
see an 800Mbps SYN flood is the day I throw in the towel and go home.

-- 
Richard A. Steenbergen <ras@above.net>  http://users.quadrunner.com/humble
PGP Key ID: 0x60AB0AD1  (E5 35 10 1D DE 7D 8C A7  09 1C 80 8B AF B9 77 BB)
MFN / AboveNet Communications Inc - ISX Network Engineer, Vienna VA





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.