How to Keep DDoS Tools from Getting You Down

• Pay attention to your machines!

• Egress filter your network, i.e. make sure whatever comes out of your network only has source addresses that belong to you

• Ingress filter – confirm that packets coming to you have source addresses that aren’t on your inside network

• Use tcpdump on Solaris or Linux to capture logs, and report incident to law enforcement (NIPC)

tcpdump –i interface –s 1500 –w capture_file

snoop –d interface –o capture_file –s 1500

Previous slide

Next slide

Back to first slide

View graphic version