North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New Internet-draft on DDOS defense...

  • From: Vipul Shah
  • Date: Fri May 12 06:09:14 2000

>Another point that hasn't been mentioned in this thread is that this type
>of attack is very easy to track down, since all the echo-reply packets
>will have addresses in the same subnet.  A good portion of the problem
>with smurf attacks is not so much the attack itself as the painful process
>of tracking it to it's source.

By the time you trace the packets, identify the subnet, and convince the 
Network Administrator to detach the compromized system from the network,
 the victim's router might have crashed. Especially, when there are more 
than one DDoS agents are compromized over different networks, the 
victim site may loose several hours of business!


>Brandon Ross                                                 404-522-5400
>VP Engineering, NetRail                   
>AIM:  BrandonNR                                             ICQ:  2269442
>Read RFC 2644!
>Stop Smurf attacks!  Configure your router interfaces to block directed
>broadcasts. See for details.