Re: New Internet-draft on DDOS defense...
Paul Ferguson <ferguson@cisco.com> 05/11/00 05:14PM >>>
How is this substantially different than RFC2644, "Changing the Default for Directed Broadcasts in Routers"?

The solution suggested by RFC2644 is for routers only, while the proposed solution is intended for end-nodes. If DDoS Smurf attack is generated using local broadcast, RFC2644 solution won't prevent the attack. Read carefully the last paragraph of Section 1 of the draft.

Vipul

http://www.ietf.org/rfc/rfc2644.txt
- paul

At 10:13 PM 05/10/2000 -0600, Vipul Shah wrote:
Hi All,
I'd like to bring your attention to a recent Internet-draft. The URL is:
http://www.ietf.org/internet-drafts/draft-vshah-ddos-smurf-00.txt
This draft proposes a specific (simple) change to RFC1122 which would help reduce the use of Smurf amplification in DDOS attacks. This augments ingress filtering; it is designed specifically for the case where the attacker (source) is using broadcast on the local LAN as part of a DDOS attack. This is a case where ingress filtering does not help.
We are proposing that it be an addition to the standard set by RFC1122. We'd very much like to hear comments from people on this draft.
Vipul
On Thu, 11 May 2000, Vipul Shah wrote:
The solution suggested by RFC2644 is for routers only, while the proposed solution is intended for end-nodes.
If DDoS Smurf attack is generated using local broadcast, RFC2644 solution won't prevent the attack. Read carefully the last paragraph of Section 1 of the draft.
Another point that hasn't been mentioned in this thread is that this type of attack is very easy to track down, since all the echo-reply packets will have addresses in the same subnet. A good portion of the problem with smurf attacks is not so much the attack itself as the painful process of tracking it to its source.

Brandon Ross 404-522-5400
VP Engineering, NetRail http://www.netrail.net
AIM: BrandonNR ICQ: 2269442
Read RFC 2644! Stop Smurf attacks! Configure your router interfaces to block directed broadcasts. See http://www.quadrunner.com/~chuegen/smurf.cgi for details.
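Added example, not part of the original thread or of the draft: a victim-side sketch of the tracing point made in the reply above, grouping unsolicited ICMP echo replies by source subnet to find the LAN they come from. The packet tuples, the /24 grouping and the `min_hosts` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source IP, destination IP, ICMP type) as a victim-side
# capture might record them. ICMP type 0 is echo reply, type 8 is echo request.
SAMPLE_PACKETS = (
    [(f"192.0.2.{h}", "203.0.113.10", 0) for h in range(10, 50)]  # 40 repliers, one LAN
    + [("198.51.100.7", "203.0.113.10", 0)]    # reply to a ping the victim really sent
    + [("203.0.113.10", "198.51.100.7", 8)]    # the victim's own ping
    + [("198.51.100.99", "203.0.113.10", 8)]   # unrelated inbound ping
)

def unsolicited_reply_sources(packets, victim):
    """Sources of echo replies to `victim` that it never sent a request to."""
    pinged = {dst for src, dst, t in packets if src == victim and t == 8}
    return [src for src, dst, t in packets
            if dst == victim and t == 0 and src not in pinged]

def rank_subnets(sources, prefix_len=24):
    """Group reply sources by subnet; return [(network, distinct_hosts, packets)]."""
    hosts, counts = defaultdict(set), defaultdict(int)
    for src in sources:
        # Assumption: the victim does not know the real LAN prefix, so use /24.
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        hosts[net].add(src)
        counts[net] += 1
    return sorted(((n, len(hosts[n]), counts[n]) for n in hosts),
                  key=lambda r: (r[1], r[2]), reverse=True)

def likely_origin(packets, victim, prefix_len=24, min_hosts=10):
    """Return the subnet with many distinct unsolicited repliers, or None."""
    ranked = rank_subnets(unsolicited_reply_sources(packets, victim), prefix_len)
    if ranked and ranked[0][1] >= min_hosts:
        return ranked[0][0]
    return None

if __name__ == "__main__":
    victim = "203.0.113.10"
    for net, nhosts, npkts in rank_subnets(unsolicited_reply_sources(SAMPLE_PACKETS, victim)):
        print(f"{net}  hosts={nhosts}  packets={npkts}")
    print("likely origin:", likely_origin(SAMPLE_PACKETS, victim))
```

The subnet it reports is the one whose operator needs to be contacted; the replying hosts themselves are only answering a broadcast.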