A first step in protecting against distributed denial-of-service attacks is fairly easy. A bunch of reputable internet monitoring firms/agencies get together (or even separately) publish lists of IP addresses they believe to be zombies.
Every computer, perhaps as a standard part of windows or as a antivirus software, checks its own IP address against this list. The key is not to have the list stored statically on a website (such a website would be the target of a DDOS attack) but instead use some distributed or peer-to-peer method of distributing the list, for example bittorrent, DNS, or freenet.
No comments :
Post a Comment