Philippe Bourcier wrote: > > >I would love to see a presentation regarding DrDoS. > > It could be interesting to talk about it, but : > - it's not much used > - there's not much to do against it > > So unless you get one of the guys involved in the development of IOS, Linux > or the *BSD IP stacks, the talk won't go too far...
As long as you can spoof IP addresses/packets, you can't fix this problem... All the detection/traceback techniques (ICMP traceback, MULTOPS, SPIE, IP traceback, Pushback, CenterTrack, etc) are useless since most of these proposals imply fundamental changes and I haven't seen any HW vendor put such features into their ASICs. I don't want to launch a never ending thread, the french "reading" subscribers can have a look at this presentation and tell me if part of it would be of interest for #5: http://www.securite.org/presentations/ddos/ > Steve Gibson made it look big, but he's as always making big stories out of > small events. Paxson published a paper on this topic way before Steve "nice colors" Gibson got attacked and "discovered" this new type of attacks: http://www.icir.org/vern/papers/reflectors.CCR.01/ > >Hopefully companys and ISP's starts thinking together now > >and see that DoS is the next step of online "terrorismus" and > >with the way how we all work together now; this'll badly > >hurt us all at the same time. > > Yes, but also some network hardware companies claims to have means to > filter those attacks... > > It would be very good to compare those products. > > If someone is interested here is a list of the main anti-DDoS companies : > Arbor Networks, Asta Networks, Captus Networks, Mazu Networks, Riverhead > Networks... Well, you'll soon hit NDAs or "commercial/marketing only" content... The key componenent is usually the detection engine. I had some really interesting discussions with guys like Dug Song (Arbor Networks/dsniff/etc) on this topic some months ago, maybe not worth a presentation, but maybe a topic for the coffee break ;-) Nico. -- Nicolas FISCHBACH ([EMAIL PROTECTED]) <http://www.securite.org/nico/> IP Engineering Manager - COLT Telecom AG Securite.Org Team <http://www.securite.org/> ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
