Re: Is there a line of defense against Distributed Reflective attacks?
Date: Thu Jan 16 23:08:02 2003
Because syn cookies are available on routing gear??? Either way syn
cookies are not going to keep the device from sending a 'syn-ack' to the
True.. At least it will have some stop in the amount of attacks.
It is quite unfortunate that it is impossible to control the 'ingress' point
of attack flow. Whenever there is a DoS attack, the only way to drop it is
to null route it (the method you have devised) over BGP peering, but that
knocks the victim host off the 'net... :-(