From Cisco, for anyone who hasn't seen it already.
Title: Distributed Denial of Service (DDoS) News Flash
URL: http://www.cisco.com/warp/public/707/newsflash.html
Posted: February 9, 2000
Summary: This Security Advisory talks about Distributed Denial of Service (DDoS). More specifically, it will help you:
1) Recognize programs used to facilitate DDoS attacks
2) Apply measures to prevent the attacks
3) Gather forensic information if you suspect an attack
4) Learn more about host security

I have recently had the opportunity to try the "ip verify unicast reverse-path" command in a lab environment; it works with CEF on Cisco IOS 12.0. It seems relatively effective, with about a 30% increase in distributed CPU utilisation (i.e. 10% becomes 13%, not 40%). We had every packet flooding an interface with bogus source addresses, and it happily discarded them all. And yes, it even forwarded the packets with valid source addresses ;-)

It seems best suited to run at the edge of the network on links in from your downstream customers. There is no point running it on links in from upstream providers in most cases.

We also lab tested Turbo Access-Lists, and found them very effective on long access-lists. In the worst case the CPU loading on a VIP increased by about 40%, as opposed to a 200 entry non-Turbo access-list, which increased distributed CPU utilisation by as much as 95%.

Arron Scott
Telecom NZ
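As an added example (not part of Arron's post or of Cisco's advisory), the following Python simulation models what strict-mode unicast RPF does on a CEF-switched router: the source address of each packet is looked up in the FIB, and the packet is forwarded only if the best route back to that source leaves through the interface the packet arrived on. The FIB, the interface names, the traffic and the treatment of the default route (rejected unless an `allow_default` flag is set) are all constructed assumptions for the example. It also shows the caveat in the post about upstream links: with two providers, legitimate return traffic that arrives from provider A for a prefix the FIB prefers via provider B is dropped, which is why the check belongs on customer-facing edges.

```python
import ipaddress
from collections import Counter
from typing import List, Optional, Tuple

# Constructed FIB for the simulation: (prefix, outgoing interface).
# Assumed topology (not from the post):
#   Serial0 - downstream customer, holds 203.0.113.0/24
#   Serial1 - upstream provider A, supplies the default route
#   Serial2 - upstream provider B, best path for 198.51.100.0/24
FIB: List[Tuple[str, str]] = [
    ("0.0.0.0/0", "Serial1"),
    ("203.0.113.0/24", "Serial0"),
    ("198.51.100.0/24", "Serial2"),
]


def fib_lookup(fib, addr: str) -> Tuple[Optional[str], int]:
    """Longest-prefix match, as a CEF FIB lookup would do.

    Returns (interface, prefix length); (None, -1) if nothing matches.
    """
    ip = ipaddress.ip_address(addr)
    best_iface, best_len = None, -1
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and net.prefixlen > best_len:
            best_iface, best_len = iface, net.prefixlen
    return best_iface, best_len


def urpf_strict(fib, src: str, ingress: str, allow_default: bool = False) -> bool:
    """Strict-mode uRPF: forward only if the best route back to the SOURCE
    points out the interface the packet arrived on.

    A match on the default route (0.0.0.0/0) alone is not accepted unless
    allow_default is set.  That is an assumption of this model, chosen so
    that "route everything else upstream" does not whitelist every spoofed
    source on the upstream link.
    """
    iface, plen = fib_lookup(fib, src)
    if iface is None:
        return False
    if plen == 0 and not allow_default:
        return False
    return iface == ingress


def run_flood(fib, packets, urpf_interfaces) -> Counter:
    """Push (src, ingress) packets through the router.

    Returns a Counter keyed by ('forward'|'drop', ingress) so the effect of
    enabling uRPF on a given set of interfaces can be compared.
    """
    result: Counter = Counter()
    for src, ingress in packets:
        if ingress in urpf_interfaces and not urpf_strict(fib, src, ingress):
            result[("drop", ingress)] += 1
        else:
            result[("forward", ingress)] += 1
    return result


# Constructed traffic: a spoofed flood from the customer link, some genuine
# customer traffic, and genuine return traffic arriving from provider A for
# a prefix the FIB prefers via provider B (asymmetric routing).
PACKETS = [
    ("10.0.0.1", "Serial0"), ("172.16.5.5", "Serial0"), ("192.0.2.77", "Serial0"),
    ("203.0.113.10", "Serial0"), ("203.0.113.11", "Serial0"),
    ("198.51.100.7", "Serial1"),
]

if __name__ == "__main__":
    edge_only = run_flood(FIB, PACKETS, {"Serial0"})
    everywhere = run_flood(FIB, PACKETS, {"Serial0", "Serial1"})
    print("uRPF on customer link only:", dict(edge_only))
    print("uRPF on customer + upstream:", dict(everywhere))
```

Running it with uRPF on Serial0 only drops the three spoofed packets and forwards everything genuine; adding Serial1 also drops the legitimate 198.51.100.7 packet because the FIB's best path to that prefix is Serial2. On IOS the equivalent configuration is `ip cef` globally (the command depends on CEF, as the post notes) and `ip verify unicast reverse-path` under the customer-facing interface.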