Re: dos attack solution or not

From: Duane Arnold (notme_at_notme.com)
Date: 06/29/04


Date: Mon, 28 Jun 2004 23:00:37 GMT

SysAdm <me@here.com> wrote in news:Xns9516CF1653BBCSysAdm@217.32.252.50:

> Duane Arnold <notme@notme.com> wrote in
> news:Xns95163E3255B8notmenotmecoml@204.127.204.17:
>
>> "aha" <c> wrote in news:40dfc386$0$124$1b2cd167@news.wanadoo.nl:
>>
>>> a DoS attack happens when 1000's of PCs send out 1000's of calls for
>>> connection requests. why can a firewall
>>> not count the number of req from an IP number to the server and grant
>>> only one req every 20 sec or so?
>>> this way the server is shielded from the attacker.
>>>
>>> or is this way too simple,
>>> abe
>>
>> I don't know. To me, just setting a network FW to not respond to pings
>> may be a viable solution. Or the ability to set rules on a FW
>> appliance to block the IP for a certain amount of time would be viable
>> also.
>>
>> Duane :)
>>
>
> ping floods are one of the easiest things to rate-limit for ISPs and
> besides, pings are a fairly lame dDos. dDos attacks tend to be based on
> service ports these days (either existing or freshly installed).
>
> blocking the source IP for a time limit is also a potential nightmare as
> the source IP in a dDos attack is usually a zombie.
>
> SysAdm
>

ACK!

Duane :)
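
The per-source limit proposed in the original question (one request per IP every 20 seconds), modelled as an added example that is not code from any poster in this thread. The class and function names and the traffic are constructed for illustration; the model compares how many requests still reach the server when the same volume comes from one address versus from 1000 distinct addresses.

```python
from dataclasses import dataclass, field

WINDOW_SECONDS = 20.0  # "one req every 20 sec" from the original question


@dataclass
class PerSourceLimiter:
    """Admit at most one connection request per source IP per window."""
    window: float = WINDOW_SECONDS
    # Source IP -> time of its last admitted request. One entry per source seen.
    last_admitted: dict = field(default_factory=dict)

    def allow(self, src_ip: str, now: float) -> bool:
        last = self.last_admitted.get(src_ip)
        if last is not None and now - last < self.window:
            return False  # this source already used its slot in the window
        self.last_admitted[src_ip] = now
        return True


def admitted(requests, limiter=None):
    """Count the requests that reach the server, given (time, src_ip) pairs."""
    if limiter is None:
        limiter = PerSourceLimiter()
    return sum(1 for t, ip in requests if limiter.allow(ip, t))


def single_source(n=1000, span=WINDOW_SECONDS):
    # Constructed traffic: one address sends n requests within one window.
    return [(i * span / n, "192.0.2.10") for i in range(n)]


def distributed(n=1000, span=WINDOW_SECONDS):
    # Constructed traffic: n distinct addresses send one request each
    # within the same window, so no single source exceeds the limit.
    return [(i * span / n, f"10.0.{i // 256}.{i % 256}") for i in range(n)]


if __name__ == "__main__":
    print("single source :", admitted(single_source()), "of 1000 admitted")
    limiter = PerSourceLimiter()
    print("distributed   :", admitted(distributed(), limiter), "of 1000 admitted")
    print("state entries :", len(limiter.last_admitted))
```

The limiter reduces the single-source flood to one admitted request, but admits every request of the distributed one while holding one table entry per source.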