Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?

  • From: Johannes Ullrich
  • Date: Sun Jan 19 09:40:34 2003

> *shrug* just seems like it would make more sense to block all incoming
> 'syn' packets.
> Wouldn't that be faster than inspecting the destination port against two
> seperate rules?

blocking all SYN's will break too much other stuff (Instant Messangers,
games ...). I think we would be much better off if they (consumer ISPs)
would block 135-139 and 445, maybe 21 and 80.

The rest could be handled with a simple IDS (doesn't even need
to match patterns... just count packets going to 27374 and the like)

I keep saying ISPs would be much better off if they implement these 
filters. But not all of them agree. IMHO: less 'zombies' -> better
service -> less support phonecalls.



-- 
--------------------------------------------------------------------
jullrich@euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

Attachment: pgp00011.pgp
Description: PGP signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.