North American Network Operators Group

Re: Proactive steps to prevent DDOS?
> I would add careful use of some rate-limiting functionality,
> (already mentioned in Richard Steenbergen's
> http://www.e-gerbil.net/ras/dos.txt)
> so you can rate-limit things like icmp and acks numbered 0 and anything
> else that show themselves to be obvious candidates over time.

In actuality, in a TCP SYN packet, an ack of 0 is very common. If you view legitimate SYNs generated by real stacks, you will see at dword offset 7: 0x00000000. Last time I checked, this was a 0 for all intents and purposes. By rate-limiting acks of 0, you are rate-limiting most SYN packets, which I don't think is the ultimate goal.

-j
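The point made in the reply above, as an added example that is not part of the original post: a literal "dword offset 7 equals 0" match is compared with a match that also requires the ACK flag, over constructed IPv4+TCP headers. The function names, sample packets and the flag-aware rule are assumptions made for illustration, not taken from the thread or from dos.txt.

```python
import struct

SYN, ACK = 0x02, 0x10

def build_packet(flags, seq, ack, ihl_words=5):
    """Constructed IPv4+TCP headers (no payload, checksums zero), for illustration only."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, ihl_words * 4 + 20,
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    ip += b"\x01" * ((ihl_words - 5) * 4)          # IP options, filled with NOPs
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def dword_at(pkt, index):
    """32-bit big-endian word at a fixed dword offset from the start of the IP header."""
    return struct.unpack_from("!I", pkt, index * 4)[0]

def naive_match(pkt):
    """Literal 'ack numbered 0' rule: dword offset 7 equals zero."""
    return dword_at(pkt, 7) == 0

def flag_aware_match(pkt):
    """Assumed refinement: ACK flag set and acknowledgment number 0.
    A real ACK can still carry 0 when the peer's sequence space wraps,
    so this is a rate-limit criterion, not a drop rule."""
    ihl = (pkt[0] & 0x0F) * 4                      # honour IP options
    ack_no = struct.unpack_from("!I", pkt, ihl + 8)[0]
    flags = pkt[ihl + 13]
    return bool(flags & ACK) and ack_no == 0

SAMPLES = {  # constructed packets, not captured traffic
    "syn":         build_packet(SYN, 0x1234ABCD, 0),
    "syn_ack":     build_packet(SYN | ACK, 0x0BADF00D, 0x1234ABCE),
    "ack":         build_packet(ACK, 0x1234ABCE, 0x0BADF00E),
    "ack_zero":    build_packet(ACK, 0x1234ABCE, 0),
    "syn_ip_opts": build_packet(SYN, 0x1234ABCD, 0, ihl_words=6),
}

def evaluate():
    """Map each sample name to (naive_match, flag_aware_match)."""
    return {name: (naive_match(p), flag_aware_match(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, aware) in evaluate().items():
        print(f"{name:12} naive={naive!s:5} flag_aware={aware}")
```

The plain SYN trips the fixed-offset rule but not the flag-aware one, and the SYN carrying IP options shows that dword offset 7 only lines up with the acknowledgment field when the IP header is 20 bytes.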