| Forum Index > SC2 General |
Moderator note: The instructions in this thread will do nothing to protect you from a DDoS attack. The only way to prevent an attack is to avoid your IP address becoming public. | ||
|
pmp10
3390 Posts
On September 04 2012 05:41 LunaSea wrote: Yes that's why you have a white-list, so that your tcp window won't be full of corrupted packets. Your tcp connection (window?) will receive only what gets through the ISP/buffers ect. So essentially not much - certainly very little of what you are hoping for. | ||
|
LunaSea
Luxembourg369 Posts
On September 04 2012 05:46 Pumplekin wrote: Sadly, while you are using technical words, I don't think you really know exactly what they mean. I'd suggest stopping digging a bigger hole for yourself and be thankful TL is a relatively nice and friendly place  1) - Look at the code. 2) - Come back latter When your best advice is : "be nice to your ISP", I don't think you can consider yourself qualified. Nice contribution btw. | ||
|
LunaSea
Luxembourg369 Posts
On September 04 2012 05:47 pmp10 wrote: Your tcp connection (window?) will receive only what gets through the ISP/buffers ect. So essentially not much - certainly very little of what you are hoping for. The TCP window is a buffer. Nice try mister professional. And your router definetly gets A LOT of packets in a DDoS situation. | ||
|
karpo
Sweden1998 Posts
On September 04 2012 05:51 LunaSea wrote: 1) - Look at the code. 2) - Come back latter When your best advice is : "be nice to your ISP", I don't think you can consider yourself qualified. Nice contribution btw. I've seen this before in so many threads. People post long OP's about an issue and how to solve it yet when they're shot down by people with more knowledge they get very defensive. I'm sorry but this isn't a solution to the problem, dude. On September 04 2012 05:51 LunaSea wrote: The TCP window is a buffer. Nice try mister professional. And your router definetly gets A LOT of packets in a DDoS situation. He's talking about the transmit buffers on network equipment, not TCP bufffers. Your TCP window won't even get much of anything as equipment ISP side will drop packets before they even reach the router. | ||
|
Nightwatch
13 Posts
You say normally the router will inspect the complete packet and test against any protocol but there is no point in that. (and no router does that <.<) Unless you started the session the firewall should just bock the packet, so you won't need to do more than to check the session table. tl;dr spi? | ||
|
KrazyTrumpet
United States2520 Posts
| ||
|
Pumplekin
United Kingdom50 Posts
On September 04 2012 05:56 Nightwatch wrote: I don't really get the point of this solution, any normal "home" router will block wan requests by default. All you do is setup a whitelist so all other requests are discarded. ...correct? You say normally the router will inspect the complete packet and test against any protocol but there is no point in that. (and no router does that <.<) Unless you started the session the firewall should just bock the packet, so you won't need to do more than to check the session table. tl;dr; spi? Yup, it won't be in the NAT table, so it will go in the bin by default. ACL'ing it MAY save a tiny bit of CPU (it might not, it depends on how the CPE is designed). If you are talking IPv6, or a non-NAT'ing connection, things would be different, but I think we can safely assume almost everyone is using IPv4 and NAT on the CPE (and mostly I have been in this thread). I'm also starting to suspect this may be a massive troll thread. At least I'm hoping it is | ||
|
LunaSea
Luxembourg369 Posts
On September 04 2012 05:56 Nightwatch wrote: I don't really get the point of this solution, any normal "home" router will block wan requests by default. All you do is setup a whitelist so all other requests are discarded. ...correct? You say normally the router will inspect the complete packet and test against any protocol but there is no point in that. (and no router does that <.<) Unless you started the session the firewall should just bock the packet, so you won't need to do more than to check the session table. tl;dr; spi? Yes, but how does the firewall know if this packet isn't starting a session ? The router has to look at the packet and see if this is a valid packet that is actually starting a session in one of the supported protocols. | ||
|
pmp10
3390 Posts
On September 04 2012 05:51 LunaSea wrote: The TCP window is a buffer. Nice try mister professional. Pretty sure it isn't. Last I recall buffer was a kind of a memory while a window a part of TCP packet but maybe things have changed. | ||
|
Nightwatch
13 Posts
On September 04 2012 06:01 LunaSea wrote: Yes, but how does the firewall know if this packet isn't starting a session ? The router has to look at the packet and see if this is a valid packet that is actually starting a session in one of the supported protocols. Simple, you don't start a new session from outside of the network. | ||
|
Pumplekin
United Kingdom50 Posts
Still, your ISP's access kit has a full TX buffer, and you still haven't fixed that. | ||
|
LunaSea
Luxembourg369 Posts
On September 04 2012 06:06 pmp10 wrote: + Show Spoiler + On September 04 2012 05:51 LunaSea wrote: The TCP window is a buffer. Nice try mister professional. Pretty sure it isn't. Last I recall buffer was a kind of a memory while a window a part of TCP packet but maybe things have changed. The simplest way of considering the window size is that it indicates the size of the device's receive buffer for the particular connection. -- http://www.tcpipguide.com/free/t_TCPWindowSizeAdjustmentandFlowControl.htm plz ... | ||
|
Hryul
Austria2609 Posts
| ||
|
trGKakarot
United States129 Posts
| ||
|
LunaSea
Luxembourg369 Posts
On September 04 2012 06:13 trGKakarot wrote: I will admit I only skimmed this thread (since it seems like if somebody solved DDoS attacks they would be getting a lot more traction than a random thread on TL), but from what I gather the OP is assuming that an ISP will send an infinite amount of data to your router and filtering out bad IP addresses at your router level will solve the problem since then you only accept "x" amount of data? Yes, except it's not your ISP sending the data originally, but a bunch of hacked computers rented by a random kid. | ||
|
nemonic
132 Posts
| ||
|
Pumplekin
United Kingdom50 Posts
There is quite a lot to know about TCP really, I'm far from an expert in the real ins and outs of it, it is a surprisingly deep topic for something that mostly "just works" (although I'm more than happy to answer any questions up to my knowledge level). | ||
|
trGKakarot
United States129 Posts
On September 04 2012 06:15 LunaSea wrote: Yes, except it's not your ISP sending the data originally, but a bunch of hacked computers rented by a random kid. Right, but you are only connected to the outside world through your ISP (unless they are somehow on your intranet, which means you have a bigger problem). Maybe I am missing something... | ||
|
LunaSea
Luxembourg369 Posts
On September 04 2012 06:17 trGKakarot wrote: Right, but you are only connected to the outside world through your ISP (unless they are somehow on your intranet, which means you have a bigger problem). Maybe I am missing something... Yes but what I meant is this : A --> sends a packet to B --> who forwards it to C Where : A is the attacker, B your ISP, and C is you. A is the one the packets originate from and B only forwards it to the destination indicated in the packet. | ||
|
pmp10
3390 Posts
On September 04 2012 06:10 LunaSea wrote: -- http://www.tcpipguide.com/free/t_TCPWindowSizeAdjustmentandFlowControl.htm plz ... Please look up those terms somewhere more reputable, Gross oversimplification and completely mismatched definitions won't help your education. Buffer is about as much a TCP window as operating system is a RAM. TCP window can set buffer size but they are completely different things. | ||
| ||
|
|
Replay Cast
Replay Cast
Afreeca Starleague
Light vs Calm
Royal vs Mind
Wardi Open
Monday Night Weeklies
OSC
Sparkling Tuna Cup
Afreeca Starleague
Rush vs PianO
Flash vs Speed
Replay Cast
Afreeca Starleague
BeSt vs Leta
Queen vs Jaedong
[ Show More ] |
|
|
EPT
