One might also consider installing services like those offered by wanwall
(www.wanwall.com) to get rid of ddos attacks.

Arnold
--
Arnold Nipper / nIPper consulting
email: [EMAIL PROTECTED]
phone: +49 172 2650958
fax: +49 1212 512 364 310


----- Original Message -----
From: "Thomas Kernen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, February 02, 2002 5:39 PM
Subject: Re: [swinog] dDoS and spoofing...


>
> This is more of a side note but you might want to take a look at this
> traceback technique for dDoS that UUNet have demonstrated and
> implemented.
>
> http://www.secsup.org/Tracking/
> http://www.nanog.org/mtg-0110/ppt/greene.pdf
>
> Thomas
>
> ----- Original Message -----
> From: "Pascal Gloor" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, February 02, 2002 7:37 AM
> Subject: Re: [swinog] dDoS and spoofing...
>
>
> > I know how huge this can be, but I think it's now time to go forward and to
> > find a global solution to STOP this definitively or at least know how to stop
> > when it occurs...
> > You need a driving license to drive on the road, but we have no 'laws' on
> > the net... I know the internet is considered as free, open, etc... but I'm
> > sure we all agree that we need to find a solution... a good starting point
> > would be the IXPs we have.  Paolo, Andre, what is your peak bandwidth on
> > your IX switches? Is there any technical way to collect data?
> >
> >
> >
> > On Sat, 2 Feb 2002 12:28:39 +0100
> > "Pascal Gloor" <[EMAIL PROTECTED]> wrote:
> >
> > > Hi all,
> > >
> > > Does any ISP represented here do something to avoid spoofing? and how many
> >
> > We are filtering all outgoing traffic against spoofing, only let our own
> > IPs out ..
> >
> > > do netflow? with netflow we would be able to 'some kind' trace back, at
> > > least the source network/AS of the spoofed DoS and could try to stop them.
> > > Could you have a look and see if you have some data (since Thursday-Friday
> > > night) to destination 193.110.95.1? I could at least try to stop a part of
> > > that DoS.
> >
> > Problem with netflow is, that in a case of a ddos you need enormous
> > bandwidth to the collector, and probably the traffic to the collector is
> > worse than the ddos ...
> > (only my experience) you should be able to collect the traffic at each
> > location separately ...
> > but that's kind of investment intensive ...
> >
> > > Why not creating a 'neutral and trusted' 3rd party which would collect all
> > > netflows summaries and for sure keep them secret. On demand, that team would
> > > seek for a specific destination IP and then would be able to trace back
> > > source networks of DoS and advise the concerned network without giving any
> > > information to the requester.
> >
> > That would be a great thing ...
> >
> > > DoS are growing day per day and we should do something...really... we can't
> > > continue to let the 'terrorists' play like that.
> >
> > Yes, I can observe that too ...
> >
> > Best Regards
> >
> >    Matthias
> >
> > --
> >      _;\_    Matthias Cramer                System & Network Manager
> >     /_.  \   Dolphins Network Systems AG    Phone +41-1-847'45'45
> >    |/ -\ .)  Libernstrasse 24               Fax   +41-1-847'45'49
> >  -'^`-   \;  CH-8112 Otelfingen             http://www.dolphins.ch/
> >
> >
> >
> > ----------------------------------------------
> > [EMAIL PROTECTED] Maillist-Archive:
> > http://www.mail-archive.com/swinog%40swinog.ch/
>
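
As an added illustration (not code from any poster in this thread): a sketch of the neutral-collector idea discussed above, in which each site reduces its flows to per-destination summaries and the collector ranks the ingress neighbours sending traffic to a victim address. The record layout, site names, AS numbers and the `ingress_peer` mapping are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed flow records as one site might hold them locally:
# (site, ingress_peer, src_ip, dst_ip, bytes). src_ip may be spoofed, so it is
# ignored; ingress_peer is the neighbour network behind the input interface
# (an operator-maintained mapping, assumed here).
SITE_FLOWS = [
    ("zrh1", "AS64501", "10.1.1.1",   "193.110.95.1", 900_000),
    ("zrh1", "AS64501", "172.16.9.4", "193.110.95.1", 850_000),
    ("zrh1", "AS64502", "192.0.2.10", "198.51.100.7",  40_000),
    ("gva1", "AS64503", "10.200.3.3", "193.110.95.1", 700_000),
    ("gva1", "AS64502", "192.0.2.10", "193.110.95.1",   2_000),
]

def summarise(flows):
    """Per-site step: collapse raw flows to (site, peer, dst) -> bytes,
    so only small summaries travel to the collector."""
    summary = defaultdict(int)
    for site, peer, _src, dst, nbytes in flows:
        summary[(site, peer, str(ip_address(dst)))] += nbytes
    return dict(summary)

def trace_back(summary, victim, min_share=0.05):
    """Collector step: rank ingress peers by their share of traffic to victim,
    dropping peers below min_share as background noise."""
    victim = str(ip_address(victim))
    per_peer = defaultdict(int)
    for (_site, peer, dst), nbytes in summary.items():
        if dst == victim:
            per_peer[peer] += nbytes
    total = sum(per_peer.values())
    if total == 0:
        return []
    ranked = sorted(per_peer.items(), key=lambda kv: kv[1], reverse=True)
    return [(peer, nbytes / total) for peer, nbytes in ranked
            if nbytes / total >= min_share]

def answer_requester(summary, victim):
    """The requester learns only how many networks were advised, not which."""
    return {"victim": victim,
            "networks_advised": len(trace_back(summary, victim))}

if __name__ == "__main__":
    s = summarise(SITE_FLOWS)
    print(trace_back(s, "193.110.95.1"))
    print(answer_requester(s, "193.110.95.1"))
```

Ranking by ingress neighbour rather than by source address is what keeps the result meaningful when the source addresses are spoofed.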
