Re: [fw-wiz] RE: Why blocking bogons buys you nothing (Mikael Olsson)

From: Mikael Olsson (mikael.olsson_at_clavister.com)
Date: 11/10/03

    To: Barney Wolff <barney@databus.com>
    Date: Mon, 10 Nov 2003 03:12:16 +0100
    
    

    Barney Wolff wrote:
    >
    > On Sun, Nov 09, 2003 at 07:07:10PM +0100, Mikael Olsson wrote:
    > >
    > > 40-50% is not "significant" for a DDoS in my opinion. Especially
    > > not if you're doing it on the wrong end of your Internet connection.
    >
    > Depends on your goal. If your goal is immunity from every DDoS, yes.
    > But that goal is unattainable by any means. If your goal is to reduce
    > the frequency of outages caused by DDoS, 50% is significant, because
    > not every attack will come from the most powerful attacker.

    And not every attack will come from DDoS slaves that spoof their
    source IPs. And not all of the spoofing slaves will use completely
    random source IPs.

    I've been on the receiving end of about half a dozen DDoSes so far.
    None of them used randomized addresses.

    -- 
    Mikael Olsson, Clavister AB
    Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
    Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
    Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
