Dave Wreski wrote:
>
> This would be ICMP we are talking about -- no SYN flag.
Hmm, I should have made clear that I was theorizing a bit there.
The point was that if a lot of people start choking ICMP
upstream, the likely development will be towards TCP storms
rather than ICMP storms.
- And you don't really want to throttle all your TCP :-P
The only real defense is securing every "legitimate" server
on the 'net, and kicking the illegitimate ones out.
That way, the Bad Guys(tm) won't have anything to use
as amplifiers.
Besidies, there IS already a UDP based flooder, utilizing
quake 1 servers as amps; that way you won't even have
to hack a machine to get good ratios.
... Security sucks :-P
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
