Make Inggress Filtering the LAW for all ISPs!
It should eliminate 99.9% of DOS attacks!

Audie Onibala

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1
On Wed, Mar 19, 2036 at 12:35:53PM -0700, Toplez Razer wrote:
It should eliminate 99.9% of DOS attacks!
get off my soapbox! :-)

unfortunately, the new breed of ddos is even naughtier than smurf. it relies on compromised hosts on which a daemon is placed to listen to requests, and begin flooding someone else's network. really quite effective, and there isn't just a whole lot of router magic that can save our butts from this. good host security is absolutely essential to prevent the problem, and it's not something where a bunch of rogue geeks can go around pointing fingers and "blacklisting" potential middle-men as easily as they've done with smurf and friends.

fortunately, we're all sure that our hosts are not compromised. ;-)

--
Sam Thomas
Geek Mercenary
On Fri, 11 Feb 2000, Sam Thomas wrote:
On Wed, Mar 19, 2036 at 12:35:53PM -0700, Toplez Razer wrote:
It should eliminate 99.9% of DOS attacks!
get off my soapbox! :-)
unfortunately, the new breed of ddos is even naughtier than smurf. it relies on compromised hosts on which a daemon is placed to listen to requests, and begin flooding someone else's network. really quite effective, and there isn't just a whole lot of router magic that can save our butts from this. good host security is absolutely essential to prevent the problem, and it's not something where a bunch of rogue geeks can go around pointing fingers and "blacklisting" potential middle-men as easily as they've done with smurf and friends.
The number of such incidents could be greatly reduced if regular security audits by competent individuals were performed before shipping software. I truly believe that many folks have it backwards: It's not the admins of the "250,000 hosts" that need to be educated as much as it is the (by comparison) handful of software manufacturers.

Most of these attacks are successful because the majority of people seem to run "out of the box" configurations. This should serve to indicate that "out of the box" is woefully inadequate (being responsible for locking down boxes on a regular basis I can attest to that...)

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell
Earth is a single point of failure.
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Be careful what you wish for.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell
Earth is a single point of failure.
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Make Inggress[sic] Filtering the LAW for all NANOG postings! It should eliminate 99.9% of DOS posters.

I suggest we make the nanog list subscriber post only. We're starting to attract popular media attention, and that can only invite these "helpful" kind of postings.

Ehud
It should eliminate 99.9% of DOS attacks!
Audie Onibala
On Sat, 12 Feb 2000, Ehud Gavron wrote:
I suggest we make the nanog list subscriber post only. We're
Uhh.. to my knowledge it already is "subscriber post only". In fact posters have to subscribe to an entirely different list than just readers.. :)

-jr

----
Josh Richards [JTR38/JR539-ARIN], Director of Engineering/Network Operations
The FIX Network, Inc. - San Luis Obispo, CA - <URL:http://www.fix.net/>
On Sat, 12 Feb 2000 11:11:22 -0700 (MST), Ehud Gavron <GAVRON@ACES.COM> wrote:
Make Inggress[sic] Filtering the LAW for all NANOG postings! It should eliminate 99.9% of DOS posters.
Well yeah, the post wasn't terribly helpful as it stood, but OTOH, it would certainly be helpful to have a 'model' client/peering agreement that includes some sort of reasonable standard for what kind of traffic should be filtered on ingress & egress. The only one I've seen thus far are the guidelines in Cisco's white-paper for ISPs, which (while extremely helpful) seem a little out of date these days.

Is anyone interested in helping come up with some sort of standard model, or at least a set of guidelines? Or do people think such a thing would be unnecessary?

--
 W
 . | ,. w ,   "Some people are alive only because
  \|/  \|/     it is illegal to kill them."    Perna condita delenda est
---^----^---------------------------------------------------------------
I never said make it a law, I said make it part of the peering administration agreement. There are business practices and there are laws, and laws cannot handle what happens out here on the networks since they cross so many geo-political boundaries.

Ehud Gavron wrote:
Make Inggress[sic] Filtering the LAW for all NANOG postings! It should eliminate 99.9% of DOS posters.
I suggest we make the nanog list subscriber post only. We're starting to attract popular media attention, and that can only invite these "helpful" kind of postings.
Ehud
It should eliminate 99.9% of DOS attacks!
Audie Onibala
--
Thank you;
|--------------------------------------------|
| Thinking is a learned process so is UNIX   |
|--------------------------------------------|
Henry R. Linneweh
participants (7): Ehud Gavron, Henry R. Linneweh, Josh Richards, Lionel Lauer, Patrick Greenwell, Sam Thomas, Toplez Razer