Subject: Re: Melting down your network
To: NetBSD Kernel Technical Discussion List <tech-kern@NetBSD.ORG>
From: Jonathan Stone <jonathan@dsg.stanford.edu>
List: tech-kern
Date: 03/28/2005 14:49:56
In message <m1DG2u4-0024fjC@building.weird.com> "Greg A. Woods" writes:
>[ On Monday, March 28, 2005 at 08:39:15 (+0200), Emmanuel Dreyfus wrote: ]
>> Subject: Re: Melting down your network
>>
>> With IGMP snooping enabled
>> switches, the machines not participating to the operation can still use
>> the network.  
>
>Well, no, they can only use those portions of the network hidden behind
>the bridges created by the switch.  Machines that are not participating
>will still not be able to network with the machines that are during your
>packet storms.  That's not how shared networks are supposed to work.
>
>If you want to blast data at another machine (or set of machines) at
>full wire speed then you should install proper point-to-point links that
>can guarantee the performance you wish to see.  That'll let you
>eliminate any unnecessary overhead inherent in all shared network
>protocols too.


I think you're thinking of IGMP-aware switches.  In context, I suspect
Emmanuel meant switches that do per-port snooping, of which hosts in a
given Ethernet broadcast domain have joined which IGMP groups, and
filter (or don't filter) IP-multicast traffic accordingly.

Even that doesn't prevent DDoS: all the sender has to do is guess at
a (non-local-scope) IGMP group which hosts are likely to have joined.

I can think of at least one port where the load of a DDoS attack could
constitute not just a DDoS attack, but a security attack as well.