IW: Tools Stunt DoS Attacks

Bill Stewart bill.stewart at pobox.com
Thu Feb 8 18:45:34 PST 2001


At 05:16 PM 2/7/01 +0100, Lars Gaarden wrote:
>Andrew Alston wrote:
>> Basically, people who claim to be able to stop DDOS/trace DDOS/etc etc I
>> believe are playing on the public, making money out of a situation that
>> unfortunately has no end in sight, due to the fuckups made in the IP
>> protocol by the department of defense when they released the RFC.
>
>Spoofed source-addresses can be (and often are) blocked at the
>access ISP. RFC 2267, Ingress filtering.
>
>DDOS trojans on ISDN/xDSL/Cable home user boxes will have to use
>their real (or at least same subnet) source addresses on datagrams,
>or run the risk of having the traffic dropped silently at the first
>router.

Most DDOS attacks forge their source address, changing between
large numbers of forged addresses, so the site under attack can't
defend itself by blocking the addresses that attack it.
If a Bad Guy has thousands of slave machines, they can still
launch a big attack, but if they need to use their own addresses,
the target can block the attackers (still not easy for large numbers,
but at least it's possible.)   
				Thanks! 
					Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
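
Added example (not part of the original message): a small Python model of the RFC 2267 ingress check discussed in this thread, showing which forged sources are dropped at the access router and what the target can block from the traffic that still gets through. The port names, the RFC 5737 documentation prefixes, the /24 aggregation and the threshold are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed data: hypothetical access ports and the prefix assigned to each.
CUSTOMER_PORTS = {
    "dsl-port-1": ipaddress.ip_network("192.0.2.0/28"),
    "cable-port-2": ipaddress.ip_network("198.51.100.64/26"),
}
VICTIM = "203.0.113.10"
# Constructed datagrams as (arrival port, claimed source, destination).
SAMPLE = [
    ("dsl-port-1", "192.0.2.5", VICTIM),        # real address
    ("dsl-port-1", "192.0.2.9", VICTIM),        # forged, but same subnet
    ("dsl-port-1", "10.9.8.7", VICTIM),         # forged, outside the prefix
    ("dsl-port-1", "198.51.100.70", VICTIM),    # forged as another customer
    ("cable-port-2", "198.51.100.70", VICTIM),  # real address
    ("cable-port-2", "203.0.113.200", VICTIM),  # forged, outside the prefix
]

def ingress_permit(port, src):
    """RFC 2267 check at the access router: forward a datagram only if its
    source address lies inside the prefix assigned to the arrival port."""
    return ipaddress.ip_address(src) in CUSTOMER_PORTS[port]

def filter_at_edge(datagrams):
    """Split datagrams into (forwarded, silently dropped)."""
    forwarded, dropped = [], []
    for d in datagrams:
        (forwarded if ingress_permit(d[0], d[1]) else dropped).append(d)
    return forwarded, dropped

def victim_blocklist(forwarded, prefixlen=24, threshold=2):
    """Target-side view: once sources are accurate to the subnet, count hits
    per covering prefix and block any prefix at or over the threshold."""
    hits = Counter(
        ipaddress.ip_network(f"{src}/{prefixlen}", strict=False)
        for _port, src, _dst in forwarded
    )
    return sorted(str(net) for net, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    fwd, drop = filter_at_edge(SAMPLE)
    print("forwarded:", [d[1] for d in fwd])
    print("dropped:  ", [d[1] for d in drop])
    print("target blocks:", victim_blocklist(fwd))
```

The same-subnet forgery passes the edge filter, which is why the target-side blocklist works on prefixes rather than single addresses.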




