Linux Today: Linux News On Internet Time.

Distributed Denial Of Service attacks. A proposal based on routing.

Apr 03, 2000, 13:52 (1 Talkback[s])
(Other stories by Fernando Schapachnik)

[ Thanks to Noel for this link. ]

"This paper describes a technique that -hopefully- can be used to defeat the recent DDOS attacks _in_real_time_. The solution presented here is based on routing. It requires a certain amount of extra network infrastructure."

"In order to be ready for a massive DDOS attack, should change its network structure to something like:

                      +----e-----+ stub network |
                      |          +--------------+
           +--------+ |
       -a--|        +-+          +---------------+
           |        |            |               |     +-----------------+
       -b--|  ISP   +-----d------+'s +-----+ |
           |        |            | border router |     +-----------------+
       -c--|        |            +---------------+     
           +--------+                         and

        |'s |
        | DNS server    |
        | where         |
        | www=  |
        | and TTL=0     |

"In case a DDOS attack against is detected, the following actions should be carried out:
1- dial up connection to's externally located DNS server (possibly many of them in order to complicate DDOSing both www and DNS servers) to make point to
2- phone call to ISP to route traffic to 10.0.0.x to the stub network and start routing the 10.0.1 network. The ISP may also stop publishing the route to 10.0.0. This probably has a cost on BGP disaggregation and routing updates, but it may be worth it, because as the routing updates propagate the attack stops nearer its source."
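
The switchover in the excerpt above, modelled as a small Python simulation (an added example, not code from the paper or from Linux Today). The host addresses 10.0.0.80 and 10.0.1.80, the /24 prefix lengths and the hop names are assumptions: the excerpt gives only 10.0.0.x and the 10.0.1 network, and that www moves into 10.0.1 is inferred from step 2.

```python
import ipaddress

# Constructed addressing: the excerpt names only 10.0.0.x and "the 10.0.1 network".
OLD_NET = ipaddress.ip_network("10.0.0.0/24")
NEW_NET = ipaddress.ip_network("10.0.1.0/24")
OLD_WWW = ipaddress.ip_address("10.0.0.80")   # hypothetical host address
NEW_WWW = ipaddress.ip_address("10.0.1.80")   # hypothetical host address


class Isp:
    """ISP routing table with longest-prefix match (links d and e in the diagram)."""
    def __init__(self):
        self.routes = {OLD_NET: "border-router"}

    def next_hop(self, dst):
        matches = [net for net in self.routes if dst in net]
        if not matches:
            return "unreachable"
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


class Dns:
    """Externally located DNS server; TTL=0 means the answer is never cached."""
    def __init__(self):
        self.www, self.ttl = OLD_WWW, 0


def switch_over(dns, isp):
    """Steps 1 and 2 of the excerpt, applied in order."""
    dns.www = NEW_WWW                       # step 1: repoint www
    isp.routes[OLD_NET] = "stub-network"    # step 2: old prefix goes to the stub
    isp.routes[NEW_NET] = "border-router"   # step 2: start routing the new prefix


def deliver(isp, dns, pinned=None):
    """Hop a packet reaches: pinned = fixed destination IP, None = resolve www first."""
    dst = pinned if pinned is not None else dns.www
    return isp.next_hop(dst)


def simulate():
    """Return (resolving client, fixed-address sender) hops before and after."""
    dns, isp = Dns(), Isp()
    before = (deliver(isp, dns), deliver(isp, dns, pinned=OLD_WWW))
    switch_over(dns, isp)
    after = (deliver(isp, dns), deliver(isp, dns, pinned=OLD_WWW))
    return before, after


if __name__ == "__main__":
    print(simulate())
```

Traffic still addressed to the old 10.0.0.x address ends in the stub network, while a client that looks up www again, which TTL=0 forces on every request, reaches the border router at the new address.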
