A Call to Network Providers to end IP Spoofing
August 18, 2010
In the world of DDOS attacks, “IP Spoofing” or just “Spoofing” for short Is a technique used to hide the actual IP Address of an attacking computer, as well as overload session tables. Attackers can choose an alternate IP address, or generate random IP addresses which can change very rapidly allowing one attacker to simulate vast numbers of simultaneous attackers all having different IP addresses. This makes tracking the source of the infected botnet computers more difficult, as the source IP address of the attacker has been falsified. Session tables of a server or load balancer will keep a pre-determined number of open sessions for each IP address for a specified length of time in seconds. The amount of available sessions is determined by the amount of memory dedicated to this task. The spoofing of IP addresses allows a single attacking computer to create more open sessions then normally permitted. In a DDOS attack, a very large number of spoofed addresses can be generated, overloading the session table and dropping all packets, or causes the server or load balancer to crash. IPv6 (IP Version 6) has been designed to provide more security and will bring an end to spoofing, however in the mean time the “Chicken or the egg” wait for the masses to adopt IPv6. means we need to address spoofing in the best way possible to deal with this problem.
For more information on this, please visit http://www.dosarrest.com/en/blog/91-a-call-to-network-providers-to-end-ip-spoofing.html
Last week, I was contacted by Joel Abramson, who is one of the principles over at Packetsafe Networks, he was on a search for some DDoS protection for one of their managed hosting customers. As you can well imagine given a name like Packetsafe, they focus on security for their customers, which include companies in the medical field, ecommerce retailers and e-gaming. Their customers are spread out over a number of locations and providing good DDoS protection for all of them would be cost prohibitive. They also realize, that their network providers will not be able to handle the complex Denial of Service attacks that exist today.
For more information on this, please visit http://www.dosarrest.com/en/blog/94-packetsafe-networks-corp-adds-dosarrest-to-its-service-offerings-.html
DDoS Protection for ISP’s and Hosting Providers
June 20, 2010
It still amazes me that some network providers and managed hosting providers have no real solution in place to stop DDoS attacks. I know that from talking to more than a few operators of e-commerce websites that they can’t go with any provider that does not have a solution to this problem. I suspect that some hosting and network providers feel that DoS attacks are so rare, that they not bother to have anything in place. After quizing a few Internet bandwidth providers, they tell me. “Why should I spend 200K+, buying specialized DDoS mitigation gear when I may never need it”.
For more information on this, please visit http://www.dosarrest.com/en/blog/97-ddos-protection-for-isps-and-hosting-providers.html
