Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Re: Networking theories
From: Bluefish (11aGMX.NET)
Date: Sun May 07 2000 - 13:13:36 CDT
- Next message: Bluefish: "Re: ethernet cards & promisc mode"
- Previous message: Blue Boar: "Re: I love you Author evidence ?"
- Next in thread: Aussie: "Re: Networking theories"
- Maybe reply: Bluefish: "Re: Networking theories"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I recieved a request for the email I had in mind as a private email. I
figgured it might be usefull readings for several others as well.
The email I hand in mind was from CIAC (not CERT, typo):
Related / similar pappers found with altavista:
(the CIAC paper is the best, IMHO)
None of these papers actually describes how to protect against the attack
mentioned in the original mail, but the attack wouldn't be possible if all
mayor ISPs used EGRESS filtering. The papers does neither have a solution
against any DDoS which sends correct, unspoofed packets.
Additionally, Linux firewalls/routers could be setup to maximum anti-spoof
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
echo -n "FIREWALL: Enabling kernel IP spoofing protection... "
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "2" > $f
> Any idea on where to obtain a copy of this email? Im not exactly a large
> ISP, but I do deal with a few large networking situations.
> ----- Original Message -----
> From: "Bluefish" <11aGMX.NET>
> To: <VULN-DEVSECURITYFOCUS.COM>
> Sent: Friday, May 05, 2000 5:06 PM
> Subject: Re: [VULN-DEV] Networking theories
> > > victim.org(spoofed) ---> ICMP(source-quench) --->
> > > router.victim.org
> > Actually, there was a email from... cert (I think) ... intended for larger
> > companies and ISPs with guidelines for combating DDoS. Among those
> > guidelines there was recommendations of checking source IP. So it's a
> > known problem which responsible ISPs will stop (but probably most doesn't)
> > ..:::::::::::::::::::::::::::::::::::::::::::::::::..
> > http://www.11a.nu || http://bluefish.11a.nu
> > eleventh alliance development & security team