ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Internet SYN Flooding, spoofing attacks

2000-02-11 19:10:02
from [Vijay Gill] [Permanent Link] 

CC'd to NANOG, maybe we can move this there.

On Fri, 11 Feb 2000, Paul Ferguson wrote:


It would allow the attacks to be traced back to the zombies (in
the case of these DDoS attacks), and the perpetrators to be traced
back and identified.


To make that easier, what is needed is something associated with a
downstream interface that is a part of the configuration itself, not a
separate access-list.  This makes it much easier to track on a large box
with many hundreds of customer links and so forth.

Something like so:

interface XXXm/n/p.q
description whatever customer
encaps ...
ip address x y
ip allow-source blocks-that-are-valid
ip allow-source ...more-blocks-

so on and so forth.

/vijay
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [fwd] Lawyers Forsee Denial Of Service Suits, Paul Ferguson
Next by Date:  Re: Internet SYN Flooding, spoofing attacks, Daniel Senie
Previous by Thread:  Re: Internet SYN Flooding, spoofing attacks, Paul Ferguson
Next by Thread:  Re: Internet SYN Flooding, spoofing attacks, Paul Ferguson
Indexes:  [Date] [Thread] [Top] [All Lists]