Network Security Pen-Test

Re: DoS/DDoS Attack

Subject: Re: DoS/DDoS Attack
Date: Thu, 20 Jan 2005 16:06:19 +0000
On Sat, 2005-01-15 at 12:03 -0500, Steven wrote:
> Would it not be safe to say that a large amount of this issue could be
> mitigated if ISPs and/or those links above them took a more responsible
> approach to packet handling?  Wouldn't the whole issue (problem) of spoofed
> packets be handled if they were quashed at the start instead of the end?
> Perhaps I don't understand enough here, but it seems that initially
> routers/switches should have the capability to drop packets that could not
> have originated from their own network.  If new equipment had the option to
> enforce this or had it automatically built in, would this not severely
> mitigate some of this issue?  Is there a reason why spoofed packets should
> be able to make their way off a LAN and across the world?

You understand this fine. It's perfectly acceptable for an ISP to do
this and it's not difficult to implement in their ACLs. Some ISPs do
this already but they are a minority. IMO ISPs should do this as
standard, but most won't.

> Perhaps this would only hold up so long until someone decided to make all
> DDoS spoof the packet from the same network but just a different host
> address.  Then maybe it would be possible to have the first router check if
> the source address of the packet exactly matches where it is actually coming
> from somehow and not just that the network is valid.

Doesn't matter, if you can track it to the ISP then the ISP techs can
monitor their network and see exactly where it's coming from. You
couldn't bypass the protection in this way as, when you get to the
source ISP, recognising the customer is trivial and then finding the
specific box just takes time.

> Perhaps I just have a weak understanding of how this works and it cannot be
> solved so easily, but it appears that "some" of this is not so hard
> to stop.  If what I have proposed is possible and not being implemented on a
> wide scale, then why isn't it?
> Steven

Simply because the public mostly doesn't care and the public are the
customers. As more customers have trouble with this then the ISPs
probably will make changes. Until then they don't see this as a
financially beneficial measure.

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
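The thread is about ISPs dropping packets whose source address could not have come from the customer link they arrived on (ingress filtering, the approach later written up as BCP 38), and about the follow-up worry that a host could still spoof another address inside its own assigned prefix. The following Python is an added illustration of that decision logic and is not code from either poster or from any ISP; the interface names, prefixes, assigned hosts and sample packets are constructed for the example. It keeps the ingress interface of every dropped packet, which is the information the reply says an ISP uses to identify the offending customer, and it also shows the stricter per-host check Steven suggested for links that carry a single assigned address.

```python
"""Ingress (source-address) filtering at a customer-facing edge router.

Constructed example: interface names, prefixes and packets below are
made up for illustration and do not come from the original thread.
"""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "iface src dst")

# Assumed topology: each customer-facing interface and the prefix(es)
# assigned to the customer behind it. A packet entering on an interface
# must carry a source inside one of that interface's prefixes.
ALLOWED_PREFIXES = {
    "eth1": [ipaddress.ip_network("198.51.100.0/24")],
    "eth2": [ipaddress.ip_network("203.0.113.0/25"),
             ipaddress.ip_network("203.0.113.128/26")],
}

# Assumed: links known to carry exactly one address (e.g. a single
# dial-up or DSL customer) can be checked per host, not just per prefix.
ASSIGNED_HOSTS = {
    "eth1": {ipaddress.ip_address("198.51.100.5")},
}


def prefix_permitted(iface, src):
    """Prefix-level check: does src fall inside a prefix assigned to iface?"""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_PREFIXES.get(iface, []))


def host_permitted(iface, src):
    """Strict check: where the link has a known host list, require an
    exact match; otherwise fall back to the prefix check."""
    if iface in ASSIGNED_HOSTS:
        return ipaddress.ip_address(src) in ASSIGNED_HOSTS[iface]
    return prefix_permitted(iface, src)


def filter_packets(packets, check=prefix_permitted):
    """Return (forwarded, dropped). Dropped entries keep the ingress
    interface so the operator can tell which customer link spoofed."""
    forwarded, dropped = [], []
    for p in packets:
        if check(p.iface, p.src):
            forwarded.append(p)
        else:
            dropped.append((p.iface, p.src))
    return forwarded, dropped


# Constructed sample traffic, one packet per case of interest.
SAMPLE_PACKETS = [
    Packet("eth1", "198.51.100.5", "192.0.2.1"),    # legitimate
    Packet("eth1", "10.0.0.5", "192.0.2.1"),        # spoofed, private source
    Packet("eth2", "198.51.100.5", "192.0.2.1"),    # spoofed, another customer's prefix
    Packet("eth2", "203.0.113.150", "192.0.2.1"),   # legitimate, second prefix
    Packet("eth1", "198.51.100.77", "192.0.2.1"),   # spoofed inside own prefix
]


def summarize(check=prefix_permitted):
    """Counts for the sample traffic under the chosen check."""
    fwd, drp = filter_packets(SAMPLE_PACKETS, check)
    return {"forwarded": len(fwd), "dropped": drp}


if __name__ == "__main__":
    print("prefix filter:", summarize(prefix_permitted))
    print("per-host filter:", summarize(host_permitted))
```

With the prefix-only check the in-prefix spoof (`198.51.100.77` arriving on `eth1`) is forwarded, which is exactly the gap Steven describes; the per-host variant closes it on links where the ISP knows the assigned address, and in both modes the dropped list records the interface, so the trace stops at a specific customer link rather than somewhere out on the Internet.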
