North American Network Operators Group
Re: [Re: Which Part(s) Failed in the recent DOS Attacks?]
- From: Richard Steenbergen
- Date: Thu Feb 10 16:07:51 2000
On Wed, Feb 09, 2000 at 11:37:36PM -0600, Joe Shaw wrote:
> On 9 Feb 2000, Toplez Razer wrote:
> > Joe,
> > Firewall-1 has the SynDefender and Cisco IOS 12.0 has TCP Intercept for
> > stopping TCP DOS. Could these features stop massive TCP DOS attacks?
> Both could possibly help, but when you're dealing with 800Mbps, which is
> how much traffic was reported in the Yahoo DoS, filters don't matter. The
> problem is, you fill up the pipes and it doesn't matter that the router or
> the firewall drops the packets because legitimate traffic can't get
> through. If the attacks were smaller directed attacks you'd have a better
> chance of defending yourself, but with these new DDoS attacks it makes it
> next to impossible unless you're a Tier1 or your Tier1 will actively
> filter. That's what makes them so devastating right now.
GlobalCenter has that kind of pipe, if you can filter out the bad traffic
from the good. With smurfs it's easy, icmp echo-reply is not a "necessary"
packet type. With SYN/ACK floods it's not so easy. But then again the day I
see an 800Mbps SYN flood is the day I throw in the towel and go home.
Richard A. Steenbergen <firstname.lastname@example.org> http://users.quadrunner.com/humble
PGP Key ID: 0x60AB0AD1 (E5 35 10 1D DE 7D 8C A7 09 1C 80 8B AF B9 77 BB)
MFN / AboveNet Communications Inc - ISX Network Engineer, Vienna VA