North American Network Operators Group

Re: Effective ways to deal with DDoS attacks?

  • From: Richard A Steenbergen
  • Date: Thu May 02 13:26:18 2002

On Thu, May 02, 2002 at 08:07:31PM +0200, Hank Nussbacher wrote:
> 
> At 12:23 PM 02-05-02 -0400, Richard A Steenbergen wrote:
> 
> >That's what the IP2 does, match bytes in the headers and come back with a
> >thumbs down or a thumbs up and a destination interface. It's really not
> >that much harder to match the bytes for a dest port against a compiled
> >ruleset and decide yes or no than it is to match the dest address against
> >a forwarding table and decide which nexthop.
> 
> Looking into the IP header is not enough.  In order to filter DDOS packets 
> one has to look into the payload as well.  I don't think routers are 
> suitable for that level of filtering (think advanced NBAR).

I disagree. There is a world of things you can do when you look at the 
entire payload, from IDS to playing Big Brother. But stopping DDoS does 
not require it; in almost every case layer 3+4 headers are sufficient.

-- 
Richard A Steenbergen <[email protected]>       http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
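
Added example, not part of the original thread or of any router's code: a first-match filter that decides permit or deny from IPv4 and TCP/UDP header bytes only, the kind of layer 3+4 matching discussed above. The rule set, the documentation-range addresses and the `build` helper are assumptions made for illustration.

```python
import struct
from ipaddress import ip_address, ip_network

# Hypothetical rules: (IP protocol, destination prefix, dest port or None, action).
# First match wins; packets matching no rule are permitted.
RULES = [
    (17, ip_network("192.0.2.0/24"), 53, "permit"),   # UDP DNS to the protected prefix
    (17, ip_network("192.0.2.0/24"), None, "deny"),   # any other UDP to that prefix
    (6, ip_network("192.0.2.10/32"), 80, "permit"),   # TCP to the web server
    (1, ip_network("192.0.2.0/24"), None, "deny"),    # ICMP to the prefix
]

def classify(packet: bytes) -> str:
    """Return 'permit' or 'deny' using only IPv4 and TCP/UDP header bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "deny"                       # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4            # IP options shift the layer 4 header
    if ihl < 20 or len(packet) < ihl:
        return "deny"
    frag_off = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    proto = packet[9]
    dst = ip_address(packet[16:20])
    dport = None
    # Ports are present only in the first fragment of a TCP/UDP packet.
    if proto in (6, 17) and frag_off == 0:
        if len(packet) < ihl + 4:
            return "deny"                   # layer 4 header cut short
        dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    for r_proto, r_net, r_port, action in RULES:
        if r_proto == proto and dst in r_net and (r_port is None or r_port == dport):
            return action
    return "permit"

def build(proto, dst, dport, payload=b"", options=b"", frag_off=0):
    """Construct a sample IPv4 packet (constructed input; checksums left zero)."""
    ihl = 5 + len(options) // 4
    if proto in (6, 17):
        l4 = struct.pack("!HH", 40000, dport) + b"\x00" * 4
    else:
        l4 = b"\x08\x00\x00\x00"            # ICMP echo request type/code
    total = ihl * 4 + len(l4) + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, frag_off, 64,
                      proto, 0, ip_address("198.51.100.7").packed,
                      ip_address(dst).packed)
    return hdr + options + l4 + payload
```

The verdict never depends on the `payload` argument, and a non-first fragment (no ports available) falls through to the protocol-wide rule for its prefix.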