DNS DDOS

[Matthew Carpenter]

The sad part about this is that a simple rate-limit on ICMP traffic on a
Linux NetFilter firewall could have kept each of these systems afloat.

:)

For those of you administering firewalls, you might want to make sure
you have a rate-limit for ICMP in your ruleset.

This was a simple DDOS, and future ones could involve more sophisticated
means, but this is elementary stuff taken to a large scale.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.linux-sxs.org/pipermail/linux-users/attachments/20021024/8ffff91c/attachment.pgp