Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow

  • From: Paul Ferguson
  • Date: Mon Feb 28 23:35:25 2000

At 11:15 PM 02/28/2000 -0500, Richard Steenbergen wrote:

>Be careful with flow when dealing with random src or random dst (for
>example, an attack which elicits a victim system to send replies to random
>destinations) attacks, or it may not help you much (as the flow cache gets
>max'd).

Just like they say about vitamin fortified cereals, "it's in there".

The flow-switching creature features have enough functionality to
trace an attacker back to its source. Yes, its painful. Yes, it has
to be done in real-time. Yes, actually, it has been done before. No,
there is no other real way to do it.

People: Start source filtering so we can get beyond these inane
discussions.

- paul






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.