Congestion or regression testing DDoS

From: Sean Donelan (no email)
Date: Wed Feb 09 2000 - 01:30:40 EST


After finding out more about the current round of denial of service
attacks, I think I have an answer for several of the periods of
congestion different providers experienced during the last couple
of weeks of January.

In January there were several reports of unusually large amounts of
traffic. This caused congestion problems at several different places,
but no provider or company made any public reports. With 20/20 hindsight
it appears someone was testing how well their DDoS tool worked on
less noticable sites. The engineers I spoke with indicated they saw
heavy congestion on certain links for a few hours, but it would stop on
its own accord. Later, they would see the same congestion, and again
it would stop.

If you think of it as "congestion" instead of a DoS, are there any tools
we use to control congestion which could be adapted to lessen the effects
of a DoS? Would RED(and RED variations), rate limiting, or any of the
many QoS knobs help?








Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD