Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Is there a line of defense against Distributed Reflective attacks?

  • From: Christopher L. Morrow
  • Date: Thu Jan 16 23:13:41 2003


On Thu, 16 Jan 2003, hc wrote:

> >Because syn cookies are available on routing gear??? Either way syn
> >cookies are not going to keep the device from sending a 'syn-ack' to the
> >'originating host'.
> >
> True.. At least it will have some stop in the amount of attacks.
>
> It is quite unfortunate that it is impossible to control the 'ingress'
> point of attack flow. Whenever there is a DoS attack, the only way to
> drop it is to null route it (the method you have devised) over BGP
> peering, but that knocks the victim host off the 'net... :-(
>

Sure, but this, like all other attacks of this sort, can be tracked... and
so the pain is over /quickly/ provided you can track it quickly :) Also,
sometimes null routes are ok.




