On Mon, 2006-05-22 at 22:52:53 -0500, Jacob Yocom-Piatt proclaimed...

> what are some methods of launching a DDoS attack?

syn floods (old skool), udp floods, lots of small packets, icmp floods, whatever. my favorite is seeing a host flooded with protocol 50... nearly everyone passes it and hardly anyone rate limits it. Methods mostly include botnets, but if I'm on a 1Gbps link and you're on a 1.544Mbps link, I win.

> what countermeasures can i take against such an attack?

Know your providers; be friends with your providers. Know who to talk to for filters upstream. You can also do egress/ingress limiting if you're on a big fat pipe, look into RED (random early detection), configure ECN in all of your applications and devices, etc. But there's no solution for drinking out of a firehose at full blast. Sometimes you just have to be "A Man" and drink!

> feel free to reply off list if you like ;). i am asking this here since, IMO,
> openbsd has highest average "1337n355" among its user base.

Uh yea, it's 2006... we don't talk like that anymore.

- Eric
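
The reply above names RED and ECN without showing how they behave under load. The following is an added example, not part of the original email: a simplified per-packet RED decision (after Floyd and Jacobson) with ECN marking for ECN-capable packets. The thresholds, the EWMA weight, and the names `Red`, `decide` and `simulate` are assumptions chosen for illustration.

```python
import random
from collections import Counter
from dataclasses import dataclass


@dataclass
class Red:
    # All tuning values below are constructed for illustration.
    min_th: float = 5.0    # average queue below this: always enqueue
    max_th: float = 15.0   # average queue at or above this: always drop
    max_p: float = 0.1     # base drop probability as avg nears max_th
    weight: float = 0.2    # EWMA weight (real devices use far smaller values)
    avg: float = 0.0       # smoothed queue length
    count: int = -1        # packets accepted since the last drop or mark

    def decide(self, qlen, ect, u):
        """Return 'enqueue', 'mark' or 'drop' for one arriving packet.

        qlen: instantaneous queue length in packets
        ect:  True if the packet is ECN-capable
        u:    uniform random number in [0, 1), injected so runs are repeatable
        """
        self.avg = (1 - self.weight) * self.avg + self.weight * qlen
        if self.avg < self.min_th:
            self.count = -1
            return "enqueue"
        if self.avg >= self.max_th:
            # Sustained overload: drop even ECN-capable packets.
            self.count = 0
            return "drop"
        self.count += 1
        pb = self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)
        # Spread drops out evenly instead of clustering them.
        pa = 1.0 if self.count * pb >= 1 else pb / (1 - self.count * pb)
        if u < pa:
            self.count = 0
            # Early congestion signal: mark if the sender understands ECN.
            return "mark" if ect else "drop"
        return "enqueue"


def simulate(queue_lengths, ect=False, seed=0):
    """Run RED over a constructed series of queue lengths; tally decisions."""
    rng, red = random.Random(seed), Red()
    return Counter(red.decide(q, ect, rng.random()) for q in queue_lengths)


if __name__ == "__main__":
    ramp = list(range(0, 40)) + [40] * 60   # constructed flood ramp-up
    print(simulate(ramp, ect=True))
```

Once the smoothed queue passes `max_th`, every packet is dropped regardless of ECN, which matches the reply's point that queue management shapes congestion but cannot absorb a flood larger than the link.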