[MUD-Dev] DDoS

Lazarus lazarus at ourplace.org
Sat Apr 15 12:11:53 CEST 2000


----- Original Message -----
From: Morten Andresen <morten at mgon.com>
To: <mud-dev at kanga.nu>
Sent: Saturday, April 15, 2000 5:16 AM
Subject: [MUD-Dev] DDoS


> Ola Fosheim Grøstad wrote on the 12th April 2000:
> > Some IRC maintainers are talking about dropping the service because of
> > denial of service attacks (DoS), the equivalent of link-spamming.  There
> > is also something called a distributed DoS (DDoS), which means that the
> > attack comes from more than one source, maybe thousands of sources. Thus
> > blocking the attack is difficult.
>
> > I wonder what you guys are doing to protect yourself from this.  Have
> > you thought about how much damage a banned phreak could cause you? Maybe
> > even put you completely out of business?
>
> > (I have some vague ideas that may reduce the DoS problem, but none that
> > are definitive...)
>
>
> I'll start out by saying that if the hacker/cracker really wants to gain
> access to your machine, or bring it to a crash, then he will succeed. If
> he's a mere "script kiddie" on the other hand there are several things you
> can do to prevent a great deal of damage from occurring. A lot of this
> depends on the amount of access you have to the machine the MUD is running
> on, as many of the smaller MUDs don't have a dedicated server, in which case
> you will have to consult with the server admin. However, if you do have
> complete access to the machine the first thing I would suggest would be to
> disable "ping" (ICMP packets), and depending on the sort of MUD, also "UDP".
> Of course this depends on the sort of firewall you're running (I would
> suggest 'ipchains' - it comes with all newer (From Red Hat 6.0 (I can't
> remember the exact version number in which the other distributors included
> it)) Linux distributions. To ignore all ICMP (ping requests etc.) you would
> type:
>

I dunno.  Given the choice of leaving an avenue open for a dedicated DDoS
attacker and being a bad net citizen, I don't think my mud is worth the
problems associated with blocking ICMPs.  A commercial service clearly needs a
well-trained IT department who knows how to program their Cisco routers and
a response team to react to DDoS attacks.  For me, ICMP rationing protects
me from the "script kiddie with a faster link than me" without any of the
headaches caused by having a machine that doesn't ping.




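An added illustration of the ICMP rationing the reply above prefers to blocking ICMP outright; it is not code from the thread or from either poster. It assumes a per-source token bucket (the thread does not say how the rationing is done), and the rates, source names and traffic timeline are constructed.

```python
# Added illustration (not from the thread): per-source token-bucket rationing
# of ICMP echo replies. Names, rates and the traffic timeline are constructed.

class TokenBucket:
    def __init__(self, rate, burst, now):
        self.rate = rate      # replies earned per second
        self.burst = burst    # capacity: longest back-to-back run of replies
        self.tokens = burst   # start full so a first ping is answered
        self.last = now

    def allow(self, now):
        """Refill for the elapsed time, then spend one token if available."""
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def build_timeline():
    """Constructed traffic: a monitor pinging once a second for 10 s, plus a
    single-source flood of 1000 echo requests/s between t=3 s and t=6 s."""
    events = [(float(t), "monitor") for t in range(10)]
    events += [(3.0 + i / 1000.0, "flood") for i in range(3000)]
    return sorted(events)


def simulate(events, rate, burst):
    """Return the number of echo replies sent to each source."""
    buckets, replies = {}, {}
    for now, src in events:
        if src not in buckets:
            buckets[src] = TokenBucket(rate, burst, now)
            replies[src] = 0
        if buckets[src].allow(now):
            replies[src] += 1
    return replies


if __name__ == "__main__":
    events = build_timeline()
    print("rationed (5/s, burst 5):", simulate(events, 5, 5))
    print("ICMP blocked           :", simulate(events, 0, 0))
    print("no limit               :", simulate(events, 1e9, 1e9))
```

Rationing caps the reply traffic the host generates while it stays pingable for ordinary use; the inbound flood itself still arrives on the link.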