New Method to Stop DDoS Attacks

  1. #1
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325

    New Method to Stop DDoS Attacks

    This is taken directly from the Slashdot website. I thought it was very interesting.

    Pushback against DDOS Attacks
    Posted by CmdrTaco on Sunday October 27, @08:49AM
    from the build-a-better-*******-trap dept.
    Huusker writes "Steven Bellovin and others at ATT Research Labs and ICIR have come up with a mechanism to stop DDOS attacks. The idea is called Pushback. When the routers get flooded they consult a Unix daemon (/etc/pushbackd) to determine if they are being DDOS'ed. The routers propagate the quench packets back to the sources. The policy and propagation are separate, allowing hardware vendors to concentrate on the quench protocol while the white hats invent ever more clever DDOS detection filters for /etc/pushbackd. The authors of the paper have an initial implementation on FreeBSD."
    I would not normally take an article from a different page, but I thought this one should be posted. I searched the forums and didn't see this one yet.
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    Interesting, but it will probably only work for well known attacks. What will happen when the targets of the attacks will specifically be the systems anti-DDOS?
    Life is boring. Play NetHack... --more--

  3. #3
    Now, RFC Compliant! Noia
    Join Date
    Jan 2002
    Posts
    1,210
    That'll just end up being a battle of bandwidth....the end result is that the Anti-DDOS won't work.....the system will simply be outnumbered....A DDOS is meant to slow down and time-out a server or network...if that server or network then starts working overtime to push back the information...it'll just cause even more problems.......

    There was something like this posted some time ago...although that was about a system where the false data was simply discarded...I can't remember the exact details but it was a better alternative than this.....I would get you the link....but I'm too lazy.

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can recall the gentle features of the queen's face on that fair day, when this land rested in holy peace and everyone had love to love with.

  4. #4
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    Didn't think about that...

    Maybe create a "rule" in advance to handle said attacks to anti-DDOS preventative measures?

    Have to think about it more... That could get kinda messy.

  5. #5
    Banned
    Join Date
    Sep 2001
    Posts
    522
    It seems like in this DDoS they are simply trying to stop the actual server or services from lagging/crashing, but like Noia said there is also the issue of bandwidth being used up in a DDoS attack, eventually (depending on who has the bigger pipe) your pipe will get full and that program won't be any good.

  6. #6
    Banned
    Join Date
    Oct 2002
    Posts
    30
    I highly doubt any program or maneuver could stop DoS/DDoS attacks point blank. Simple as that.

  7. #7
    I have to agree with Noia that seems to make the most sense, just drop the packets. That will leave more upstream available to send packets for legit. services, right?
    Analog = Classical
    Digital = Techno
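
Added example (not part of any post in this thread, and not the Pushback authors' code): a toy model comparing a rate limit applied only at the congested router with the same limit pushed to the upstream routers, as the quoted Slashdot summary describes. The topology, the rates and the max-min split between upstream links are assumptions made for illustration.

```python
# Constructed toy topology: two upstream routers feed R0, whose link to the
# victim carries 10 units/s. Rates are (attack, legitimate) toward the victim.
LIMIT = 10.0
UPSTREAM = {"R1": (90.0, 2.0), "R2": (0.0, 3.0)}

def max_min_share(demands, limit):
    """Split `limit` across links max-min fairly (assumed division policy)."""
    share, remaining = {}, limit
    pending = dict(demands)
    while pending:
        fair = remaining / len(pending)
        small = {k: d for k, d in pending.items() if d <= fair}
        if not small:                       # every link wants more than the fair cut
            share.update({k: fair for k in pending})
            break
        for k, d in small.items():          # satisfy small demands in full
            share[k] = d
            remaining -= d
            del pending[k]
    return share

def local_drop(upstream, limit):
    """R0 alone rate-limits the aggregate; drops hit all sources equally."""
    total = sum(a + l for a, l in upstream.values())
    keep = min(1.0, limit / total)
    legit = sum(l for _, l in upstream.values()) * keep
    link_load = {k: a + l for k, (a, l) in upstream.items()}  # nothing shed upstream
    return legit, link_load

def pushback(upstream, limit):
    """R0 asks each upstream router to limit its part of the aggregate."""
    demands = {k: a + l for k, (a, l) in upstream.items()}
    share = max_min_share(demands, limit)
    legit = sum(l * share[k] / demands[k]
                for k, (_, l) in upstream.items() if demands[k])
    return legit, share                     # share is the load left on each upstream link

if __name__ == "__main__":
    for name, fn in (("local drop", local_drop), ("pushback", pushback)):
        legit, load = fn(UPSTREAM, LIMIT)
        print(f"{name:10s} legit delivered={legit:.2f} upstream load={load}")
```

In this model the flood still fills the R1 link when only R0 drops, while the pushed-back limit sheds it at R1 and lets the clean R2 traffic through untouched.
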

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    132
    Actually, it's quite possible to make ACLs under Cisco IOS 12.x to do all of this. Between bandwidth scaling, throttling, and source-quench options, it's actually already possible to knock out most of the DOS schemes out there. Of course, actually DOING this is another matter.

    Although the new PUSHBACK scheme seems to be a bit of a better option than what's out there now, I think it is still more an IMPLEMENTATION problem than a TECHNOLOGY one. A lot of network security / network administrator types just see their role as uptime, rather than providing insurance - after all, uptime you can take to management and point at it - it's tangible. The insurance given by good, solid security measures doesn't EVER become apparent if it's effective. And it's hard to justify this to some PHB-types.

    ~N~
