Re: DOS attacks
From: NeoSadist (neosad1st_at_charter.net)
Date: 12/27/03
- Next message: Travis Casey: "Re: Backup media; comments would be appreciated."
- Previous message: NeoSadist: "Re: Interpreting tcpdump output"
- In reply to: Peteris Krumins: "Re: DOS attacks"
- Next in thread: Colin McKinnon: "Re: DOS attacks"
Date: Fri, 26 Dec 2003 16:24:43 -0700
Peteris Krumins wrote:
> NeoSadist <neosad1st@charter.net> wrote in
> news:vuklfaskicp286@corp.supernews.com:
>
>>
>> There is also a method to prevent DoS attacks by limiting what port it
>> is that you're afraid of.
>> For example, you could use icmp limiting to limit icmp incoming and
>> outgoing to 3 packets an hour. Read up on ICMP and limiting.
>>
>
> Imagine a cracker has a network of dos-bots. You have a total
> of 1mbit bandwidth from your provider. You limit icmp to 3 packets
> an hour. The cracker starts a dos on your network from all bots and
> the total bandwidth destined to you reaches tens of mbits.
> Your link gets congested.
> Game over.
No, here's the real story.
Your firewall logs three packets.
Your firewall then blocks all other ICMP packets outright for the next hour.
Assuming you were smart enough to get a box powerful enough to do the
brainwork (say your firewall box is a dual pIII or higher, capable of at
least 2000MIPS/2000MFLOPS), it just sits there dropping all ICMP packets.
Your link may get congested, but not on your end. More like your ISP's end.
>
>
> P.Krumins
-- Radioactive cats have 18 half-lives.
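
Added example (not part of the original post or thread): a small Python model of the scenario argued over above, with a 1 Mbit link, a flood of tens of Mbit, and an ICMP limit of 3 packets an hour, counting what the firewall accepts, what it drops, and what never reaches it. The window semantics, the 1000-byte packet size and the no-queueing link model are assumptions made for this illustration.

```python
LINK_BPS = 1_000_000   # 1 Mbit/s access link, figure from the quoted post
ICMP_LIMIT = 3         # packets per window, figure from the post
WINDOW_S = 3600.0      # one hour


def limit_icmp(arrivals, limit=ICMP_LIMIT, window=WINDOW_S):
    """Return (accepted, dropped) for sorted arrival times in seconds.

    Assumed semantics: the window opens at the first packet seen, the first
    `limit` packets in it are accepted, and everything else is dropped
    until the window expires.
    """
    accepted = dropped = 0
    window_start, in_window = None, 0
    for t in arrivals:
        if window_start is None or t - window_start >= window:
            window_start, in_window = t, 0
        if in_window < limit:
            accepted += 1
            in_window += 1
        else:
            dropped += 1
    return accepted, dropped


def simulate_flood(offered_bps, duration_s, packet_bytes=1000, link_bps=LINK_BPS):
    """Constructed flood: evenly spaced ICMP packets sent at offered_bps."""
    bits = packet_bytes * 8
    offered_pkts = int(offered_bps * duration_s // bits)
    # The access link carries at most link_bps; the excess is lost upstream
    # of the firewall (simplified: no queueing, no other traffic).
    carried_pkts = min(offered_pkts, int(link_bps * duration_s // bits))
    spacing = duration_s / carried_pkts if carried_pkts else 0.0
    arrivals = [i * spacing for i in range(carried_pkts)]
    accepted, dropped = limit_icmp(arrivals)
    return {
        "offered_pkts": offered_pkts,
        "lost_upstream": offered_pkts - carried_pkts,
        "reached_firewall": carried_pkts,
        "accepted": accepted,
        "dropped_by_firewall": dropped,
        "link_utilisation": min(1.0, offered_bps / link_bps),
    }


if __name__ == "__main__":
    # 20 Mbit/s of ICMP aimed at the 1 Mbit/s link for 10 seconds
    print(simulate_flood(20_000_000, 10))
```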