OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: DDOS Attack Mitigation
From: Darren Reed (avalonCOOMBS.ANU.EDU.AU)
Date: Mon Feb 14 2000 - 16:49:43 CST

In some mail from Alan Brown, sie said:
>
> On Sun, 13 Feb 2000, Darren Reed wrote:
>
> > You know if anyone was of a mind to find someone at fault over this,
> > I'd start pointing the finger at ISP's who haven't been doing this
> > due to "performance reasons".
>
> To be fair, if you do this on most terminal servers (eg, Cisco 5300, Max
> 4000), they will collapse under the load.

i.e. poorly designed.

> > They've had the ability to do it for
> > years and in doing so would seriously reduce the number and possibility
> > of "spoofing" attacks.
>
> See above. Having enough CPU available to handle spoof filtering from
> dialups adds a lot to costs and most ISPs simply can't afford to pay
> more in order to be able to provide that benefit. :-(

Someone should either put a bomb under Cisco's arse and get them to
pull their finger out and deliver a cost-effective box which does
what's actually required for a `secure internet' or gather up some
venture capital and build a new box which provides the requisite
security. It would seem that the market is potentially quite large:
replacing every Cisco dialup router in existance with a "secure one"
with at least the same performance. How many 1000s of units do Cisco
claim to have sold ?

Darren