Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Barney Wolff
  • Date: Tue Aug 05 21:35:31 2003

On Wed, Aug 06, 2003 at 12:58:19AM +0000, Paul Vixie wrote:
> 
> could someone here who can write win32 apps, and someone else who can
> write cocoa apps, please volunteer short executables that will try to
> spoof a few packets through some well known server, and then report as
> to whether the current computer/firewall/cablemodem/isp/core permitted
> this or not?  isc would be happy to host the server component of this,
> as long as source code for the executables is available under a bsd
> style copyright, and the executables are released without any fee.

How would the spoofing program, or its user, be able to tell if
it was successful?  Unless I'm very confused, the definition of
spoofing is that the return packets aren't going to come back to you.

I can imagine a packet format where the real source address was in the
data, but with no authentication this would itself be subject to abuse.
You'd need a little protocol:

Volunteer                        Server
real-source-->server
                            <--back to real source with ip to fake, cookie
fake-source-->server with cookie
                            <--back to real source with result as a courtesy

Doing this from behind a NAT would be difficult.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.