nu.kanga.list.mud-dev

13100: Re: [MUD-Dev] DDoS

From: "Lazarus" <lazarus@ourplace.org>
Newsgroups: nu.kanga.list.mud-dev
Date: Sat, 15 Apr 2000 12:11:53 -0700
References: [1]
Organization: Kanga.Nu
----- Original Message -----
From: Morten Andresen <morten@mgon.com>
To: <mud-dev@kanga.nu>
Sent: Saturday, April 15, 2000 5:16 AM
Subject: [MUD-Dev] DDoS


> Ola Fosheim Grøstad wrote on the 12th April 2000:
> > Some IRC maintainers are talking about dropping the service because of
> > denial of service attacks (DoS), the equivalent of link-spamming.  There
> > is also something called a distributed DoS (DDoS), which means that the
> > attack comes from more than one source, maybe thousands of sources. Thus
> > blocking the attack is difficult.
>
> > I wonder what you guys are doing to protect yourself from this.  Have
> > you thought about how much damage a banned phreak could cause you? Maybe
> > even put you completely out of business?
>
> > (I have some vague ideas that may reduce the DoS problem, but none that
> > are definitive...)
>
>
> I'll start out by saying that if the hacker/cracker really wants to gain
> access to your machine, or bring it to a crash, then he will succeed. If
> he's a mere "script kiddie" on the other hand there are several things you
> can do to prevent a great deal of damage from occurring. A lot of this
> depends on the amount of access you have to the machine the MUD is running
> on, as many of the smaller MUDs don't have a dedicated server, in which
> case you will have to consult with the server admin. However, if you do have
> complete access to the machine the first thing I would suggest would be to
> disable "ping" (ICMP packets), and depending on the sort of MUD, also "UDP".
> Of course this depends on the sort of firewall you're running (I would
> suggest 'ipchains' - it comes with all newer (From Red Hat 6.0 (I can't
> remember the exact version number in which the other distributors included
> it)) Linux distributions). To ignore all ICMP (ping requests etc.) you would
> type:
>

I dunno.  Given the choice of leaving an avenue open for a dedicated DDoS
attacker and being a bad net citizen, I don't think my mud is worth the
problems associated with blocking ICMP's.  A commercial service clearly needs a
well trained IT department who knows how to program their Cisco routers and
a response team to react to DDoS attacks.  For me, ICMP rationing protects
me from the "script kiddie with a faster link than me" without any of the
headaches caused by having a machine that doesn't ping.




_______________________________________________
MUD-Dev mailing list
MUD-Dev@kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev
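
The "ICMP rationing" mentioned in the reply above, sketched as a token-bucket limiter on echo replies. This is an added example, not part of the original message; the rate of 5 replies/s, the burst of 10, and both traffic samples are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class TokenBucket:
    rate: float          # tokens refilled per second (sustained replies/s)
    burst: float         # bucket size (back-to-back replies allowed)
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = self.burst          # start with a full bucket

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if available."""
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True                   # answer this echo request
        return False                      # silently drop it


def simulate(arrivals, rate=5.0, burst=10.0):
    """arrivals: iterable of (time_s, source). Returns replies sent per source."""
    bucket = TokenBucket(rate, burst)
    replies = {}
    for t, src in sorted(arrivals):
        if bucket.allow(t):
            replies[src] = replies.get(src, 0) + 1
    return replies


def monitor(seconds=10):
    """Constructed sample: one ping per second from a monitoring host."""
    return [(float(s), "monitor") for s in range(seconds)]


def flood(seconds=10, pps=1000):
    """Constructed sample: a single source sending `pps` echo requests/s."""
    return [(i / pps, "flood") for i in range(seconds * pps)]


if __name__ == "__main__":
    print("quiet:", simulate(monitor()))
    print("flood:", simulate(monitor() + flood()))
```

With one shared bucket the flood also consumes most of the ration, so the host stays pingable in normal operation but legitimate pings are mostly dropped while a flood is in progress; what rationing bounds is the reply traffic the host generates.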