SRO: Trying To Stop The DDoS Train | Linux Today

SRO: Trying To Stop The DDoS Train

Written By
Web Webster
Web Webster
Mar 10, 2000

“The recent wave of denial-of-service (DoS) attacks underscored
what has been a slowly ripening realization for solutions
providers: The old open-trust Net model is a sure recipe for
disaster. Unfortunately, the massively distributed architecture
that is the Internet contained within it the root cause of the most
serious of DoS attacks.”

“…there are some attacks that can be stopped. These are
the so-called ‘smurf’ attacks that use Internet Control Message
Protocol (ICMP) echo request packets aimed at overloading network
traffic.”

“One key to making smurf and other attacks work is address
spoofing—faking ad dresses so they appear as if they
originated from either within your own network or from a trusted
domain. There’s a twofold strategy for defeating those attacks.
First, configure all of your routers to deny IP-directed broadcast
traffic. That is a fairly safe maneuver; virtually the only time IP
broadcasting is required is for certain administrative tasks. The
second step is to filter all traffic at the edge for packets that
don’t originate on your internal network. Those sorts of problems
are tailor-made for something like policy-based firewalling.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.