North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: [long] Re: DDoS: CAR vs TCP-Intercept vs NetFlow
- From: Paul Ferguson
- Date: Mon Feb 28 23:35:25 2000
At 11:15 PM 02/28/2000 -0500, Richard Steenbergen wrote:
>Be careful with flow when dealing with random src or random dst (for
>example, an attack which elicits a victim system to send replies to random
>destinations) attacks, or it may not help you much (as the flow cache gets
>max'd).
Just like they say about vitamin fortified cereals, "it's in there".
The flow-switching creature features have enough functionality to
trace an attacker back to its source. Yes, its painful. Yes, it has
to be done in real-time. Yes, actually, it has been done before. No,
there is no other real way to do it.
People: Start source filtering so we can get beyond these inane
discussions.
- paul
|
