  1. #1
    Join Date
    Sep 2003
    Location
    Kent, England
    Posts
    72

    Interesting Anti-DoS idea.

    First of all, I apologize if I'm talking absolute rubbish; I'm currently learning the whole technical background of TCP/IP.

    Anyway, dealing with clients who use servers for DoSing and the like can be very expensive to deal with, and receiving DoS attacks is obviously painful.

    Now, this little random idea has probably been thought of and perhaps exists, but I was looking at ICMP Source Quench.

    From what I can gather, if a box is getting flooded by too much information it sends a Source Quench request to the server. Now blatantly this isn't mandatory, since we have DoSing, but what about something which takes this and makes it mandatory, forcing the server to stop the DoS? Webhosts could write in their ToS that this measure is required on the server, thus eliminating effective DoS attacks from the servers.

    Feedback / correcting me for such a stupid idea (if I'm making no sense) welcome.

  2. #2
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,616
    OK, I'm a bit of a newbie so guessing here, but given that the source IP is forged on most DDoS, sending an ICMP Source Quench would actually be directed at an innocent bystander, so perhaps you would end up DoS'ing them as well.

    Rus
    Russ Foster - Industry Curmudgeon
    Freelance Sysadmin for Hire - email vaserv@gmail.com

  3. #3
    Join Date
    Sep 2003
    Location
    Kent, England
    Posts
    72
    Will still help in DDoS, as the slave computers that have been compromised will be unable to send the data that the master is telling them to.

  4. #4
    This would be a standard across the internet, as anyone's server/home computer could become compromised.
    Datums Internet Solutions, LLC
    Systems Engineering & Managed Hosting Services
    Complex Hosting Consultants

  5. #5
    Join Date
    Jun 2004
    Location
    Michigan, USA
    Posts
    245
    Most DDoS attacks are generated from spoofed IPs, so I don't think it would help that much. You would be better off implementing hardware filtering and a null routing policy.

  6. #6
    Join Date
    May 2004
    Location
    India
    Posts
    91
    I agree with tekneeks. If someone is flooding from 10,000 spoofed IPs and 10 children per IP, what will protection do? But it can bring down any server, if properly implemented. I think IPv6 has a solution for us. Waiting for that era to begin properly.
    Helpdesk : Sir, you need to add 10GB space to your HD , Customer : Could you please tell where I can download that?
