On 17 Feb 2000 blyonpopat_private wrote: | anything but. I feel the dent caused by many of these attacks could | certainly be reduced with proper policy and I honestly I do not think that | the sites under attack understand the dynamics involved in reducing the | damage of a DoS (distributed or not). | The only thing that could prevent these types of attacks (or at least make them practical to trace) is proper filtering on most all networks throughout the Internet. eBay's policy does not help when 800Mb+ of packets are coming in from all directions. I don't think it matters whether or not the sites involved understand the dynamics of anything. What dynamics? You are getting flooded with packets. I'm sure with the money involved that these large attacked sites are able to get adequate technical personnel and workable solutions. See Cisco's "Strategies for DDoS", which came out just recently: http://www.cisco.com/warp/public/707/newsflash.html I run a shell provider, an I've gotten several large (45M) smurf and syn floods. I think the real bones are when your upstream provider isn't willing/able to do things like icmp rate limiting, (other versions exist for syn and udp floods also), and when other networks (people) are uncooperative. -chris
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:06 PDT