Hi Zach,
Stefan Savage has developed a method which would allow a site under a DDOS
attack to track down the attackers even if they are spoofing their IP
addresses. This work was on Ars Technica a while ago (see the following
links).
This link outlines a basic strategy:
http://arstechnica.com/reviews/2q00/networking/networking-4.html#ddos
This link acknowledges that the basic strategy needs improving on and talks
about a slightly more workable solution:
http://arstechnica.com/reviews/2q00/networking/networking-5.html
This is still a long way off and would need to be adopted by companies like
Cisco etc. Somehow I don't see that happening anytime soon.
While I'm at it, here's my bit on the XP side of things. IP address spoofing
will never become a big problem as ISPs can implement egress filtering.
This would mean that you'd always at least know the ISP of the spoofer. The
biggest problem will still remain the same - getting ISPs to cooperate with
people under attack.
Cheers,
Alex Hague
> Hi Paul,
>
> So are DDoS attacks the biggest security threat out there?
> It seems to be a big problem. Especially for e-commerce and data
> warehousing/management systems where uptime = $$.
> So no one has developed effective countermeasures against
> arbitrary DDoS attacks? I guess if there was a large enough
> concerted attack that some group could even overload an entire
> ISP or an Internet backbone? Do we need laws to give law
> enforcement/ISPs more power to solve this?
>
> SDG,
> Zach
>
> [EMAIL PROTECTED]
> "Blessed are those who have not seen and yet have faith." - John 20:29
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>