North American Network Operators Group


Re: [Re: Which Part(s) Failed in the recent DOS Attacks?]

  • From: Richard Steenbergen
  • Date: Thu Feb 10 16:07:51 2000

On Wed, Feb 09, 2000 at 11:37:36PM -0600, Joe Shaw wrote:
> 
> 
> On 9 Feb 2000, Toplez Razer wrote:
> 
> > Joe,
> > Firewall-1 has the SynDefender and Cisco IOS 12.0 has TCP Intercept for
> > stopping TCP DOS.  Could these features stop massive TCP DOS attacks?
> 
> Both could possibly help, but when you're dealing with 800Mbps, which is
> how much traffic was reported in the Yahoo DoS, filters don't matter.  The
> problem is, you fill up the pipes and it doesn't matter that the router or
> the firewall drops the packets because legitimate traffic can't get
> through.  If the attacks were smaller directed attacks you'd have a better
> chance of defending yourself, but with these new DDoS attacks it makes it
> next to impossible unless you're a Tier1 or your Tier1 will actively
> filter.  That's what makes them so devastating right now.

GlobalCenter has that kind of pipe, if you can filter out the bad traffic
from the good. With smurfs it's easy, icmp echo-reply is not a "necessary"
packet type. With SYN/ACK floods it's not so easy. But then again the day I
see an 800Mbps SYN flood is the day I throw in the towel and go home.

-- 
Richard A. Steenbergen <[email protected]>  http://users.quadrunner.com/humble
PGP Key ID: 0x60AB0AD1  (E5 35 10 1D DE 7D 8C A7  09 1C 80 8B AF B9 77 BB)
MFN / AboveNet Communications Inc - ISX Network Engineer, Vienna VA