Re: Smurf Broadcast DoS attack

From: Valdis.Kletnieks@vt.edu
Date: 08/23/01


Message-Id: <200108231838.f7NIcEb29120@foo-bar-baz.cc.vt.edu>
To: admin@area66.com
Date: Thu, 23 Aug 2001 14:38:14 -0400

On Thu, 23 Aug 2001 12:35:14 +0200, X <falken@area66.com> said:

> This mail could open a discussion about Internet insecurity, how to
> avoid these attacks, possible solutions, possible ways to analyze the
> results.

A noble idea, but discussion has already been started, quite some time
ago:

http://www.sans.org/topten.htm
http://www.sans.org/dosstep/index.htm
http://www.sans.org/ddos_roadmap.htm

http://www.cisco.com/public/cons/isp/documents/ has stuff on DDOS.

Richard Steenbergen has some thoughts:
http://www.e-gerbil.net/ras/projects/dos/dos.txt

The Lighthouse project done by MERIT for DARPA:
http://www.eecs.umich.edu/lighthouse

Also:

>I understand that there are other DARPA funded efforts working on
>different aspects of the DOS problem (automatic detection, trace back,
>counter measures).
>
>Take a look at "Networking & Distributed Systems" under
>
> http://www.darpa.mil/ito/ResearchAreas.html
>
>In particular see:
>
> http://www.darpa.mil/ito/psum2000/J032-0.html
> http://www.darpa.mil/ito/psum2000/J910-0.html
> http://www.darpa.mil/ito/psum2000/J028-0.html

The DANTE people in the UK were also working on some in-house things,
but I don't know if those were ever published.

You'll notice that those are all links to OLD stuff. The conclusions
to draw are pretty obvious..

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech