Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is there a line of defense against Distributed Reflective attacks?

  • From: hc
  • Date: Thu Jan 16 23:08:02 2003


Because syn cookies are available on routing gear??? Either way syn
cookies are not going to keep the device from sending a 'syn-ack' to the
'originating host'.
  
True.. At least it will have some stop in the amount of attacks.

It is quite unfortunate that it is impossible to control the 'ingress' point of attack flow. Whenever there is a DoS attack, the only way to drop it is to null route it (the method you have devised) over BGP peering, but that knocks the victim host off the 'net... :-(

-hc




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.