|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: DDOS anecdotes
At 02:37 PM 6/23/01, Tim Wilde wrote: > This is a real problem. It's not FUD. Microsofts choice to include full > IP stack capabilities will make the problem worse, but I do not blame > their IP stack for this like Mr Gibson does though. Oh, it's most certainly a real problem, but I don't agree that the changes in Win XP will really make any difference whatsoever. With some very trivial driver additions, raw sockets can be accessed under any previous version of Windows, just like in XP. Indeed, there have been LAN analyzers which run on all variants of Windows for a very long time. These can generate / play back traffic, using whatever source IP addresses and MAC addresses were on the original packets. Obviously, a general spoofing tool for Win95 could be written. After reading that part of the tirade, I came to the same conclusion as a previous poster... lots of FUD, and not much more. It's been 5 years since the document now published as RFC 2827 was first a draft. Many sites do ingress or egress filtering. Many don't. Most router equipment can now handle it, according to the manufacturers. Yes, there are issues dealing with multi-homing. However, it appears many attacks still originate from single homed sites, dialup sites, cable modem attached systems, and the like. In most cases, these could be filtered. Has anyone at any of the cable modem vendors made any attempts to try ingress filtering in the cable system head-end routers? Did it work? Need help trying it out? While Ingress filtering will not cure the world, it can help de-fang many attacks. Unfortunately, it requires cooperation to be effective. ----------------------------------------------------------------- Daniel Senie [email protected] Amaranth Networks Inc. http://www.amaranth.com
|