This post originated from an RSS feed registered with Python Buzz by Ng Pheng Siong. Original Post: DDoS Feed Title: (render-blog Ng Pheng Siong) Feed URL: http://sandbox.rulemaker.net/ngps/rdf10_xml Feed Description: Just another this here thing blog. Latest Python Buzz Posts Latest Python Buzz Posts by Ng Pheng Siong Latest Posts From (render-blog Ng Pheng Siong)

Just noticed there is a stack of handouts sitting on one of my old computers on DDoS attacks from another Cisco person. I believe I heard the talk in 2001.

In these handouts, the then current attack was Stacheldraht and there was little information on handling the attacks.

Since then, defences have been developed by extending BGP, the Internet's routing protocol: RFC 3882 describes using BGP to block DDoS attacks. In essence, when a DDoS attack is detected, routing changes are made and propagated via BGP to redirect the attack traffic to a blackhole node, away from the intended target.

Clever exploitation of the emergent behaviour of the TCP/IP protocol suite allows the generation and capture of backscatter traffic which identifies the routers from which spoofed-source DDoS traffic is entering the network. This helps in tracing the attack's origins.