It's nice story, but nothing new except XT/2000 options allowing to generate SRC address. But when (at last) it happen: - use WFQ over all custiomer's links (if you have WFQ no such brute attack succeed, it only slow you down but does not block you); - Cisco force all IP fragments to be queued into the single WFQ query and allow filtering of the FRAGMENTS - any big ISP have skilled security person available. When I worked in Russia, it took 10 - 15 minutes to contact your ISP and install such filters; for EUnet, it took 20 minutes; for TELIA, it was the same. For any amertican ISP, it took a week (UUnet was an exception)... - all cable providers will have src address filters, so preventing src address frauding. It was discussed 5 years ago; it was discussed 2 years ago; it's discussed today. When something change? Alexei Roudnev ----- Original Message ----- From: "Sean M. Doran" <smd@clock.org> To: <nanog@merit.edu> Sent: Saturday, June 23, 2001 8:30 AM Subject: DDOS anecdotes
Some of you may find http://grc.com/dos/grcdos.htm very interesting.
Sean.