From: Fred Cohen <fc@all.net>
To: iwar@yahoogroups.com
Date: Wed, 6 Jun 2001 04:28:04 -0700 (PDT)
Subject: Re: [iwar] re: DDOS attacks
In-Reply-To: <86F477BCF025D411912F00508BACC30A02DC1588@alpha.bookham.com> from "David Alexander" at Jun 06, 2001 09:56:22 AM

Per the message sent by David Alexander:

> >Do these capture some quick and easy steps?
> 1. Those steps, to design IP filters, are not easy or quick unless you have
> a lot of knowledge in those areas.

On the other hand I published an article in 1996 that described precisely how to do this and even provides sample configuration files for some firewall I was using at the time.

> 2. By putting those filters in place you effectively reduce the
> functionality of your own services by closing certain doors.

The ONLY thing you reduce is the ability to forge things. No other effect on services occurs.

> 3. Read the following (long, but very good) article, which explains why you
> cannot maintain full connectivity and service against a well-planned and
> technically competent DDOS attacker, no matter what you do.
> http://grc.com/dos/grcdos.htm
> Sorry. I wish it were otherwise.

Your wish has come true. It is otherwise. Steve Gibson is not as much of an expert as he thinks he is and you are giving him too much credit.

1) If the filters that prevent forgery were widely used NONE of these packets would have gotten anywhere close to their target.
2) If the defender had the ability to flex IP addresses of his servers the attacks would have fallen on out-of-use IP addresses within seconds to minutes of starting.
3) The supposed sources of the attacks could have been traced if it was important enough to do it.
4) He is probably right about the FBI and his ISP - they are unlikely to help.

Don't believe everything you read.

FC
--
Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:925-454-0171
Fred Cohen - Practitioner in Residence - The University of New Haven
This communication is confidential to the parties it is intended to serve.
PGP keys: https://all.net/pgpkeys.html - Have a great day!!!
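The kind of anti-forgery border filter the message refers to, sketched as an added example that is not part of the original post or the 1996 article it mentions. The site prefix, the bogon list, the sample packets and the function names are all constructed assumptions (documentation address ranges are used throughout).

```python
import ipaddress

# Constructed assumption: the prefix assigned to the site behind this border.
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Sources that are never valid on packets arriving from the public Internet
# (private, loopback, link-local, multicast and reserved space).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def filter_packet(direction, src):
    """Decide pass/drop at the site border using ONLY the source address.

    direction "out": packet leaving the site; "in": arriving from outside.
    Destination, port and protocol are never consulted.
    """
    addr = ipaddress.ip_address(src)
    if direction == "out":
        # Egress rule: we may only emit packets carrying our own addresses.
        if not _in_any(addr, SITE_PREFIXES):
            return ("drop", "forged source: not a site address")
        return ("pass", "source belongs to site")
    if direction == "in":
        # Ingress rule: nothing outside may claim to be inside, or unroutable.
        if _in_any(addr, SITE_PREFIXES):
            return ("drop", "forged source: claims a site address")
        if _in_any(addr, BOGONS):
            return ("drop", "forged source: unroutable range")
        return ("pass", "plausible external source")
    raise ValueError("direction must be 'in' or 'out'")

# Constructed sample traffic: (direction, source address).
SAMPLES = [("out", "192.0.2.10"), ("out", "203.0.113.5"), ("out", "10.9.8.7"),
           ("in", "198.51.100.20"), ("in", "192.0.2.77"), ("in", "172.16.4.4")]

def run_samples():
    """Return the verdict for each constructed sample packet, in order."""
    return [filter_packet(d, s)[0] for d, s in SAMPLES]

if __name__ == "__main__":
    for (d, s), verdict in zip(SAMPLES, run_samples()):
        print(f"{d:3} {s:15} {verdict}")
```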
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:15 PDT