[Dshield] IP Spoofing-Impact on DDoS defenses

Stasiniewicz, Adam stasinia at msoe.edu
Thu Feb 16 19:01:45 GMT 2006


Both of you are right in a way.  There are some fairly well document
ways that ISPs and networks operators can prevent the spread of spoofed
packets.  But the issue is implementation.  The more routers and
firewalls that implement some type of spoof prevention, the less
effective spoofed packets become.

A big thing to also consider is firewall vendors.  I have used several
firewalls and I find the spoofing preventing to vary greatly.  One that
I was using (not to name any names) would not even let you finish the
initial configuration until you squared away the anti-spoofing filters,
while others I could not find any option what so ever to configure it.

Another big hurdle are the broadband providers.  I know several are
starting to implement such filters, but not all.  So I think the next
big area would be shore up the remaining broadband providers since
people on high-speed connections tend to be the cause of a lot of
problems, not just packet spoofing.

Regards,
Adam Stasiniewicz 
Computer and Communication Services Department 
Milwaukee School of Engineering 
MSCE: Messaging & Security 2003 

> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list-
> bounces at lists.dshield.org] On Behalf Of Roger A. Grimes
> Sent: Thursday, February 16, 2006 10:12 AM
> To: list at lists.dshield.org
> Subject: [Dshield] IP Spoofing-Impact on DDoS defenses
> 
> A colleague of mine and I are having a discussion on the impact of
> spoofed IP address on defending against DDoS attacks.
> 
> My contention is that spoofed IP addresses adds significantly to
effort
> needed to put down a DDoS attack. His idea is that although it might
add
> some complexity, but not much, and that most (tier 1) ISPs have
> sophisticated anti-DDoS techniques and equipment that would quickly
> minimize any complexity added by the spoofed addresses.
> 
> Ideas, thoughts, from those who have been there, done that?
> 
> Roger
> 
> *******************************************************************
> *Roger A. Grimes, Banneret Computer Security, Consultant
> *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
> *email: roger at banneretcs.com
> *Author of Honeypots for Windows (Apress)
> *http://www.apress.com/book/bookDisplay.html?bID=281
> *******************************************************************
> 
> 
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list