Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: DDOS anecdotes

  • From: Tim Devries
  • Date: Sat Jun 23 16:14:15 2001

Title: RE: DDOS anecdotes


-----Original Message-----
From: woods@weird.com [mailto:woods@weird.com]
Sent: Saturday, June 23, 2001 3:56 PM
To: nanog@merit.edu
Subject: RE: DDOS anecdotes



[ On Saturday, June 23, 2001 at 20:04:06 (+0200), Mikael Abrahamsson wrote: ]
> Subject: RE: DDOS anecdotes
>
> This is a real problem. It's not FUD. Microsofts choice to include full
> IP stack capabilities will make the problem worse, but I do not blame
> their IP stack for this like Mr Gibson does though.

>No, their stack's not the root of the problem -- all the rest of their
>OS is (and of course in particular the security model, or lack thereof).


FYI beware of service pack 2.  It sets the DF bit so packets cannot fragment.  Particularily offensive if your server is on the other side of a tunnel (due to the overhead).  The solution is to reduce the MTU on the box.  Or use a different OS :)



                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>     <woods@robohack.ca>
Planix, Inc. <woods@planix.com>;   Secrets of the Weird <woods@weird.com>




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.