-
October 27th, 2002, 05:26 PM
#1
New Method to Stop DDoS Attacks
This is taken directly from the slashdot website. I thought it was very interesting.
Pushback against DDOS Attacks
Posted by CmdrTaco on Sunday October 27, @08:49AM
from the build-a-better-*******-trap dept.
Huusker writes "Steven Bellovin and others at ATT Research Labs and ICIR have come up with a mechanism to stop DDOS attacks. The idea is called Pushback. When the routers get flooded they consult a Unix daemon (/etc/pushbackd) to determine if they are being DDOS'ed. The routers propagate the quench packets back to the sources. The policy and propagation are separate, allowing hardware vendors to concentrate on the quench protocol while the white hats invent ever more clever DDOS detection filters for /etc/pushbackd. The authors of the paper have an initial implementation on FreeBSD."
I would not normally take an article from a different page, but I thought this one should be posted. I searched the forums and didn't see this one yet.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
October 27th, 2002, 06:18 PM
#2
Interesting, but it will probably only work for well known attacks. What will happen when the targets of the attacks are specifically the anti-DDOS systems themselves?
Life is boring. Play NetHack... --more--
-
October 27th, 2002, 06:28 PM
#3
That'll just end up being a battle of bandwidth....the end result is that the anti-DDOS won't work.....the system will simply be outnumbered....A DDOS is meant to slow down and time-out a server or network...if that server or network then starts working overtime to push back the information...it'll just cause even more problems.......
There was something like this posted some time ago...although that was about a system where the false data was simply discarded...I can't remember the exact details but it was a better alternative than this.....I would get you the link....but I'm too lazy.
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
And no one can recall the gentle features of the queen's face on that fair day, when this land rested in holy peace and all had love to love with.
-
October 27th, 2002, 06:29 PM
#4
Didn't think about that...
Maybe create a "rule" in advance to handle said attacks to anti-DDOS preventative measures?
Have to think about it more... That could get kinda messy.
-
October 27th, 2002, 06:33 PM
#5
It seems like in this DDoS they are simply trying to stop the actual server or services from lagging/crashing, but like Noia said there is also the issue of bandwidth being used up in a DDoS attack; eventually (depending on who has the bigger pipe) your pipe will get full and that program won't be any good.
-
October 27th, 2002, 11:05 PM
#6
I highly doubt any program or maneuver could stop DoS/DDoS attacks point blank. Simple as that.
-
November 1st, 2002, 05:36 PM
#7
I have to agree with Noia; that seems to make the most sense: just drop the packets. That will leave more upstream available to send packets for legit. services, right?
Analog = Classical
Digital = Techno
-
November 1st, 2002, 11:24 PM
#9
Senior Member
Actually, it's quite possible to make ACLs under Cisco IOS 12.x to do all of this. Between bandwidth scaling, throttling, and source-quench options, it's actually already possible to knock out most of the DOS schemes out there. Of course, actually DOING this is another matter.
Although the new PUSHBACK scheme seems to be a bit of a better option than what's out there now, I think it is still more an IMPLEMENTATION problem than a TECHNOLOGY one. A lot of network security / network administrator types just see their role as uptime, rather than providing insurance - after all, uptime you can take to management and point at it - it's tangible. The insurance given by good, solid security measures doesn't EVER become apparent if it's effective. And it's hard to justify this to some PHB-types.
~N~
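To make the Pushback mechanism from the first post concrete, and to set it beside the "just drop the packets" suggestion from later in the thread, here is a toy model of one congested router (added example, not code from the Bellovin et al. paper or its FreeBSD implementation). The traffic figures, link names and prefixes are constructed; the detection and rate-splitting policies are simplified assumptions standing in for whatever /etc/pushbackd would decide.

```python
from collections import defaultdict

# Constructed sample traffic offered to one congested router's outgoing link:
# (upstream_link, destination_prefix, rate_mbps). 100 Mbps offered, 50 available.
FLOWS = [("up1", "10.0.0.0/24", 40), ("up2", "10.0.0.0/24", 32), ("up3", "10.0.0.0/24", 8),  # flood
         ("up1", "10.1.0.0/24", 10), ("up2", "10.2.0.0/24", 10)]                              # legit
LINK_CAPACITY = 50

def detect_aggregate(flows, capacity, share=0.5):
    """Detection policy (the job the post hands to /etc/pushbackd): on an
    overloaded link, name the one prefix taking more than `share` of capacity."""
    totals = defaultdict(int)
    for _, prefix, rate in flows:
        totals[prefix] += rate
    if sum(totals.values()) <= capacity:
        return None
    prefix, rate = max(totals.items(), key=lambda kv: kv[1])
    return prefix if rate > share * capacity else None

def pushback_limits(flows, prefix, capacity):
    """Cap the aggregate so it fits beside the other traffic, and split that
    allowance across upstream links in proportion to their share: the quench
    messages the router propagates one hop upstream."""
    other = sum(r for _, p, r in flows if p != prefix)
    allowance = max(capacity - other, 0)
    per_link = defaultdict(int)
    for link, p, r in flows:
        if p == prefix:
            per_link[link] += r
    total = sum(per_link.values())
    return {link: allowance * r / total for link, r in per_link.items()}

def apply_limits(flows, prefix, limits):
    """What each upstream router does on receiving its quench: clip the aggregate."""
    return [(l, p, min(r, limits[l]) if p == prefix else r) for l, p, r in flows]

def blind_drop(flows, capacity):
    """Uniform dropping, the alternative raised later in the thread: legitimate
    flows lose exactly as much as the flood does."""
    factor = min(1.0, capacity / sum(r for _, _, r in flows))
    return [(l, p, r * factor) for l, p, r in flows]

def pushback(flows=FLOWS, capacity=LINK_CAPACITY):
    """Full cycle: detect the aggregate, compute quench limits, apply them."""
    prefix = detect_aggregate(flows, capacity)
    if prefix is None:
        return flows
    return apply_limits(flows, prefix, pushback_limits(flows, prefix, capacity))
```

With the constructed numbers, pushback clips the flood to 30 Mbps split 15/12/3 across the three upstream links and leaves both legitimate flows at their full 10 Mbps, whereas blind dropping halves everything, legitimate traffic included.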