This post originated from an RSS feed registered with Python Buzz
by Ng Pheng Siong.
Original Post: DDoS
Feed Title: (render-blog Ng Pheng Siong)
Feed URL: http://sandbox.rulemaker.net/ngps/rdf10_xml
Feed Description: Just another this here thing blog.
Just noticed there is a stack of handouts sitting on one of my old
computers on DDoS attacks from another Cisco person. I believe I heard
the talk in 2001. In these handouts, the then-current attack was
Stacheldraht and there was little information on handling the attacks.
Since then, defences have been developed by extending BGP, the Internet's routing protocol: RFC 3882
describes using BGP to block DDoS attacks. In essence, when a DDoS attack
is detected, routing changes are made and propagated via BGP to redirect
the attack traffic to a blackhole node, away from the intended
target.
Clever exploitation of the emergent behaviour of the TCP/IP protocol suite
allows the generation and capture of backscatter traffic,
which identifies the routers from which spoofed-source DDoS traffic is
entering the network. This helps in tracing the attack's origins.
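
The BGP-triggered blackholing described above works because each edge router already holds a static discard route, so a single iBGP announcement whose next hop points at that route is enough to make every edge drop traffic for the target. The Python model below is an added example, not code from the original post or from RFC 3882; the class and function names, the documentation-range addresses and the interface names `Null0` and `core0` are assumptions made for illustration.

```python
import ipaddress

# Constructed documentation-range addresses; "Null0" and "core0" are illustrative names.
DISCARD_NEXT_HOP = "192.0.2.1"

class EdgeRouter:
    def __init__(self):
        # Provisioned on every edge router in advance, before any attack.
        self.routes = {
            ipaddress.ip_network(DISCARD_NEXT_HOP + "/32"): "Null0",  # static discard route
            ipaddress.ip_network("10.0.0.0/24"): "core0",  # connected core link
            ipaddress.ip_network("203.0.113.0/24"): ipaddress.ip_address("10.0.0.5"),  # iBGP
        }

    def bgp_update(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = ipaddress.ip_address(next_hop)

    def bgp_withdraw(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def egress(self, dst):
        """Longest-prefix match; BGP next hops are resolved recursively to an interface."""
        addr = ipaddress.ip_address(dst)
        for _ in range(8):  # bounded, in case next hops resolve in a loop
            best = max((p for p in self.routes if addr in p),
                       key=lambda p: p.prefixlen, default=None)
            target = self.routes.get(best)  # None when no route matches
            if target is None or isinstance(target, str):
                return target  # an interface name, or None for "no route"
            addr = target  # BGP-learned route: look up its next hop instead
        raise RuntimeError("next-hop resolution loop")

def trigger_blackhole(edges, victim):
    """Trigger router: announce victim/32 with the discard next hop to every edge."""
    for router in edges:
        router.bgp_update(victim + "/32", DISCARD_NEXT_HOP)

def release_blackhole(edges, victim):
    for router in edges:
        router.bgp_withdraw(victim + "/32")

def demo():
    edges = [EdgeRouter(), EdgeRouter()]
    victim, neighbour = "203.0.113.10", "203.0.113.20"
    before = [r.egress(victim) for r in edges]
    trigger_blackhole(edges, victim)
    during = [(r.egress(victim), r.egress(neighbour)) for r in edges]
    release_blackhole(edges, victim)
    return before, during, [r.egress(victim) for r in edges]
```

Calling `demo()` returns the egress interface before, during and after the announcement. The /32 discards legitimate traffic to the target along with the attack traffic, while the neighbouring host in the same /24 keeps its normal path.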