Re: Advanced Countermeasures to prevent a Ddos

• From: Christopher L. Morrow
• Date: Fri Jul 20 00:34:53 2001

On Fri, 20 Jul 2001, Hank Nussbacher wrote:

> 
> At 16:38 19/07/01 -0400, you wrote:
> 
> It all hinges on your upstream ISPs.  The things to ask for are:
> 
> - SYN and ICMP rate limiting:  If you buy a T3 from your upstream, you 
> should ask that they place on *their* peering routers and on the router 
> facing you, Cisco rate limits of about 512kb/sec of ICMP and about 
> 128kb/sec of SYNs.  Pay extra if need be.

This means I only need a modem to synflood your network out of order.
Rate-limits are only worthwhile for 'well behaved' flows, DoS is by
definition NOT well-behaved.

• References:
  • Re: Advanced Countermeasures to prevent a Ddos Hank Nussbacher

• Prev by Date: Re: Cisco, Qwest, Cert, NIPC (was Re: Code Red -> Router Memory depletion? )
• Next by Date: Code Red http log request
• Date Index
• Thread Index
• Author Index
• Historical