[iwar] re: DDOS attacks

From: David Alexander (david.alexander@bookham.com)
Date: 2001-06-06 01:56:22



>So let's see if I have captured some key points, being a non-expert and
>having looked a bit at what Fred says about it( ;) ) and what I already
>Simple steps to prevent DDoS:
>- Monitor outgoing packets - something still not done as frequently as our
>emphasis on incoming packets.
>- Maximize redundancy of availability - Like Fred does, or the Akamai
>service model.
>- Test your connection load, including (money is no object) redundant
>servers and load balancers, like MS did during the famed "zombie attacks"
>last year.
>Do these capture some quick and easy steps?

1. Those steps, to design IP filters, are not easy or quick unless you have
a lot of knowledge in those areas.
2. By putting those filters in place you effectively reduce the
functionality of your own services by closing certain doors.
3. Read the following (long, but very good) article, which explains why you
cannot maintain full connectivity and service against a well-planned and
technically competent DDOS attacker, no matter what you do.


Sorry. I wish it were otherwise.

David Alexander M.INSTIS
Global Client-Server, Communications & Infrastructure Manager
Bookham Technology plc

DDI:     01235 837823
Mobile: 0779 988 1284
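
The "monitor outgoing packets" step quoted above, as an added example that is not part of the original message: a check over one interval of outbound flow records that flags source addresses outside the site's own prefixes and local hosts sending unusually many packets to one destination. The prefixes, threshold, record layout and sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: prefixes that legitimately originate traffic from this site (documentation ranges).
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]
# Assumption: packets per interval from one host to one destination that warrants a look.
FLOOD_THRESHOLD = 5000

# Constructed sample: (source, destination, packets) seen leaving the border in one interval.
SAMPLE_FLOWS = [
    ("192.0.2.10", "203.0.113.5", 120),
    ("192.0.2.44", "203.0.113.80", 4000),
    ("192.0.2.44", "203.0.113.80", 3500),
    ("10.9.8.7", "203.0.113.80", 900),        # source is not ours: spoofed or misrouted
    ("198.51.100.200", "203.0.113.80", 50),   # outside the /25 the site actually holds
    ("not-an-ip", "203.0.113.80", 1),         # malformed record
]

def is_local(addr):
    """True when addr falls inside one of the site's own prefixes."""
    return any(addr in net for net in SITE_PREFIXES)

def audit_egress(flows, threshold=FLOOD_THRESHOLD):
    """Return (foreign_sources, floods, malformed) for one interval of outbound flows."""
    foreign, malformed = set(), []
    per_pair = defaultdict(int)
    for src, dst, packets in flows:
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            malformed.append((src, dst))      # keep bad records visible, do not drop silently
            continue
        if not is_local(src_ip):
            foreign.add(str(src_ip))          # should never leave the border with this source
            continue
        per_pair[(str(src_ip), str(dst_ip))] += packets
    floods = {pair: n for pair, n in per_pair.items() if n >= threshold}
    return sorted(foreign), floods, malformed

if __name__ == "__main__":
    foreign, floods, malformed = audit_egress(SAMPLE_FLOWS)
    print("sources outside site prefixes:", foreign)
    print("host/destination pairs over threshold:", floods)
    print("unparseable records:", malformed)
```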


This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT