
Re: Prevention of DOS Attacks



On Wed, Jul 25, 2001 at 08:45:03AM +0300, Joseph Onyango Oguma wrote:
> thanks,
> I am talking of a forged IP situation to victimise other people pretending he/she is from the forged IP network.

What you need to do is apply anti-spoofing packet filters on your border
router. You should do this in both directions:

OUTBOUND:  allow packets with src = (your netblock) 
           deny all others

This prevents people on your network from sending spoofed packets, e.g.
being the originator of a SMURF attack.

INBOUND:   deny packets with src = (your netblock)
           permit all others

This prevents people outside from spoofing your internal addresses (perhaps
to try to get past access lists or hosts.allow). It doesn't stop them
spoofing other people's addresses of course.

The exact details of how to do this depend on what kind of router you have
terminating your leased line (a Cisco router? Linux PC? FreeBSD PC?).

Also make sure you have directed broadcasts turned off (Cisco: "no ip
directed-broadcast") which will prevent your network being used as a SMURF
amplifier. Mind you, on the end of an analogue leased line, you won't be
able to do a lot of damage :-)

Cheers,

Brian.
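The two anti-spoofing filters described in the reply, with the directed-broadcast drop added as a third rule, expressed as a packet-classifier simulation in Python. This is an added example, not code from the original post or from afnog; the netblock 203.0.113.0/24 and the sample packets are constructed for illustration.

```python
import ipaddress

# Constructed example netblock (TEST-NET-3); substitute the site's own allocation.
OUR_NETBLOCK = ipaddress.ip_network("203.0.113.0/24")


def border_filter(direction, src, dst, netblock=OUR_NETBLOCK):
    """Return (verdict, reason) for one packet crossing the border router.

    direction: "out" for LAN -> Internet, "in" for Internet -> LAN.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    src_is_ours = src_ip in netblock

    if direction == "out":
        # OUTBOUND: allow packets with src = our netblock, deny all others.
        # Stops hosts inside from originating spoofed (e.g. SMURF) traffic.
        return ("permit", "own source") if src_is_ours else ("deny", "egress spoof")

    if direction == "in":
        # INBOUND: deny packets claiming a source inside our netblock.
        if src_is_ours:
            return ("deny", "ingress spoof")
        # Extra rule beyond the two ACLs in the post: drop traffic aimed at our
        # directed broadcast address, the packet-filter equivalent of
        # "no ip directed-broadcast" for SMURF amplification.
        if dst_ip == netblock.broadcast_address:
            return ("deny", "directed broadcast")
        return ("permit", "ok")

    raise ValueError(f"unknown direction: {direction!r}")


# Constructed sample traffic as (direction, src, dst) triples.
SAMPLE_PACKETS = [
    ("out", "203.0.113.10", "198.51.100.1"),   # normal outbound
    ("out", "198.51.100.7", "192.0.2.9"),      # spoofed source leaving our net
    ("in",  "203.0.113.5",  "203.0.113.20"),   # outsider spoofing our address
    ("in",  "192.0.2.33",   "203.0.113.255"),  # directed broadcast from outside
    ("in",  "192.0.2.33",   "203.0.113.20"),   # normal inbound
]


def apply_filter(packets=SAMPLE_PACKETS):
    """Run every sample packet through the filter and return the decisions."""
    return [(d, s, t, *border_filter(d, s, t)) for d, s, t in packets]


if __name__ == "__main__":
    for row in apply_filter():
        print(row)
```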

-----
This is the afnog mailing list, managed by Majordomo 1.94.4