Network Security Pen-Test

Re: DoS/DDoS Attack

Subject: Re: DoS/DDoS Attack
Date: Mon, 17 Jan 2005 17:33:24 +0100
Steven wrote:
Would it not be safe to say that a large amount of this issue could be mitigated if ISPs and/or those links above them took a more responsible approach to packet handling? Wouldn't the whole issue (problem) of spoofed packets be handled if they were quashed at the start instead of the end? Perhaps I don't understand enough here, but it seems that initially routers/switches should have the capability to drop packets that could not have originated from their own network. If new equipment had the option to enforce this or had it automatically built in, would this not severely mitigate some of this issue? Is there a reason why spoofed packets should be able to make their way off a LAN and across the world?

Perhaps this would only hold up so long until someone decided to make all DDoS spoof the packet from the same network but just a different host address. Then maybe it would be possible to have the first router check if the source address of the packet exactly matches where it is actually coming from somehow and not just that the network is valid.

Perhaps I just have a weak understanding of how this works and it cannot be solved so easily, but it appears that "some" of this is not so hard to stop. If what I have proposed is possible and not being implemented on a wide scale, then why isn't it?

Steven


What you are talking about is called (in Cisco terms, anyway) Reverse Path Forwarding, and, in my opinion, should be used by ALL ISPs on their access routers. Basically, if the router receives a packet, and its routing tables do not show a return path going out the same interface it came in on, it drops the packet.


Unfortunately, it is not feasible to use something like this on internal routers, because it fails wherever asymmetric routing is being used. But for the first hop from the customer to the ISP, I think that it is entirely feasible to enable something like this.

For details, see http://www.cisco.com/warp/public/707/21.html#anti_spoofing

Rogan
--
Rogan Dawes

*ALL* messages to discard@dawes.za.net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
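A small simulation of the Reverse Path Forwarding check described in the reply, added here as an example (it is not code from the thread or from any vendor). The routing table, interface names and packets are constructed; it shows strict mode dropping spoofed sources on a customer-facing interface, why it cannot catch a host spoofing a neighbour inside the same prefix, and why it breaks under asymmetric routing while loose mode does not.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table for an ISP access router (prefix -> egress interface).
# Assumed layout: Gi0/0 faces the ISP core, Gi0/1 and Gi0/2 face two customers.
# All addresses come from the RFC 5737 documentation ranges.
ROUTES = {
    "203.0.113.0/24": "Gi0/1",   # customer A
    "198.51.100.0/24": "Gi0/2",  # customer B
    "0.0.0.0/0": "Gi0/0",        # default route toward the core
}

def best_route(table, addr, allow_default=False):
    """Longest-prefix match for addr. The default route is ignored unless
    allow_default is set; otherwise every source would look 'reachable'."""
    best = None
    for prefix, iface in table.items():
        net = ip_network(prefix)
        if net.prefixlen == 0 and not allow_default:
            continue
        if ip_address(addr) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def strict_urpf(table, src, ingress):
    """Strict mode (the check the reply describes): forward only if the route
    back to the source leaves via the interface the packet arrived on."""
    return best_route(table, src) == ingress

def loose_urpf(table, src):
    """Loose mode: forward if any route to the source exists, regardless of
    interface. Tolerates asymmetric routing but only stops unroutable sources."""
    return best_route(table, src) is not None

# Constructed packets: (source address, ingress interface, description).
# Packets 2 and 5 are byte-identical to the router: it cannot tell a spoof from
# asymmetric routing, which is why strict mode only fits the single-homed first hop.
PACKETS = [
    ("203.0.113.5", "Gi0/1", "customer A sending from its own prefix"),
    ("198.51.100.7", "Gi0/1", "customer A spoofing customer B's address"),
    ("192.0.2.9", "Gi0/1", "customer A spoofing an unrouted address"),
    ("203.0.113.77", "Gi0/1", "host on customer A spoofing a neighbour in the same /24"),
    ("198.51.100.7", "Gi0/1", "customer B's legitimate traffic arriving on Gi0/1 (asymmetric)"),
]

def filter_packets(table, packets, mode="strict"):
    """Return the descriptions of the packets the chosen mode would forward."""
    keep = []
    for src, ingress, desc in packets:
        ok = strict_urpf(table, src, ingress) if mode == "strict" else loose_urpf(table, src)
        if ok:
            keep.append(desc)
    return keep
```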
