Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FW: Re: Is there a line of defense against Distributed Reflectiveattacks?

  • From: Christopher L. Morrow
  • Date: Sun Jan 19 01:10:49 2003


On Sat, 18 Jan 2003, Avleen Vig wrote:

> On Sat, 18 Jan 2003, Christopher L. Morrow wrote:
>
> > > Eliminating spoofed addresses from the backbone, even if it were possible
> > > to do 100%, would not eliminate denial of service attacks. The DDoS attacks
> >
> > This was precisely the point of Mr. Gill from AOL at the aforementioned
> > NANOG meeting, I believe his quote goes something like: "The ip address
> > used for the attack is orthogonal to the problem..." To me this makes
> > perfect sense... People really do get stuck on the red herring of
> > 'stopping all spoofing'. That isn't the problem, as you say below here its
> > trivial to use owned hosts by the thousands to attack with unspoofed
> > addresses... Rob Thomas has some good data on attacks against IRC
> > servers and other hosts on the internet, his data last I recall was
> > something like 80% of attacks use spoofed addresses, though more and more
> > his tracked attacks are showing from non-spoofed hosts. He can certainly
> > jump in and correct me though :) I can speak authoritatively from the
> > network I work on's perspective on this issue, more and more we have seen
> > non-spoofed attacks. There are still plenty of spoofed attacks, but
> > frankly we prefer that as its MUCH easier to track and stop.
>
> you could partly get around this by blocking all 'SYN' packets going to
> your customers :-)

and we are hoping none are hosting webservers or mail servers or....
right? Oh wait! I'll just make them use my datacenters, right?? or were
you not talking about the attacks?


> Unless/until the kiddies start using UDP... messy.
>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.