Re: DDoS attack.

From: Patrick Oonk (patrickat_private)
Date: Mon Jan 28 2002 - 10:47:07 PST

  • Next message: Glen Mehn: "Re: UDP port 500 traffic from two clients"

    On Sun, Jan 27, 2002 at 11:53:45PM -0500, Stanislav N. Vardomskiy wrote:
    > On Sun, 27 Jan 2002, Bugtraq Mailing Lists wrote:
    > 
    > > you should start implementing ingress filtering on your routers
    > > so that this spoofed attack will not happen again by your end users.
     
    <snip>
    
    > As you should be a good internet denisen and not spew crap onto the
    > backbone that might cause problems, you probably should filter egress as
    > well.   Simplest egress filter would be:
    
    <snip>
     
    > P.S. This is not meant to be a replacement for someone with Cisco skill -
    > there are many clued in people out there that are jobless at the moment,
    > and last time I tried to write a comprehensive instructions for Cisco
    > security for our IX, I got in no-nonsense way informed that I really
    > should not take the bread and butter from the CCIEs, least I want my
    > employer to be packeted/nullrouted off the face of the internet.
    
    There's an even more comprehensive story about egress filtering
    at http://www.incidents.org/protect/egress.php and at the Cisco
    site: http://www.cisco.com/warp/public/707/newsflash.html
    
    -- 
     patrick oonk - pine internet - patrickat_private - www.pine.nl/~patrick
     T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl 
     PGPID 155C3934  fp DD29 1787 8F49 51B8 4FDF  2F64 A65C 42AE 155C 3934  
     Excuse of the day: We're on Token Ring, and it looks like the
     token got loose.
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Jan 28 2002 - 10:52:09 PST