Wednesday, January 28, 2009

DDOS attacks

This is not too hard to solve. (Score:3, Interesting)
by John Sokol (109591) on Saturday January 24, @12:57AM (#26585821) Homepage Journal
http://www.dnull.com/dos/DOS-Block.htm

-------------------
by Anonymous Coward on Saturday January 24, @10:40AM (#26588965)
Thanks for posting an article from 2001.
---------------
Re:This is not too hard to solve. (Score:2)
by John Sokol (109591) on Saturday January 24, @01:36PM (#26590587) Homepage Journal
So what, it's 2001. Does that somehow make it less valid? If your right your right, 10 minutes or 10 years doesn't change that.
It's my article, and it will work, even it they choose to keep letting things like this happen.
At some point we will have to implement something, but the longer they put it off, the harder it will be to fix later.
----------------
by Anonymous Coward on Monday January 26, @05:31PM (#26614189)
Dude, there is sooooo prior art on this.
See these documents:
http://www.faqs.org/rfcs/rfc2267.html
http://www.faqs.org/rfcs/bcp/bcp38.html
http://www.ietf.org/rfc/rfc3704.txt
http://en.wikipedia.org/wiki/Ingress_filtering
Predates Sokol by three years.
All my customer-facing VLANs/subnets get hardened with anti-spoofing ACLs, strict URPF, or both. Anybody who runs a network of any size that doesn't do this is a lazy boob.
-----------------
Great stuff.
But you prove my point even further then.
Didn't you...
So it's even more embarrassing that there are RFC already out there to solve this and they choose not to implement this.
I don't claim to be the first to figure this out.
I didn't even bother to research it, just put my idea out there for what ever it's worth back in 2001.


No comments: