North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Is there a line of defense against Distributed Reflective attacks?
- From: Michael Lamoureux
- Date: Thu Jan 23 21:51:31 2003
"alex" == alex <alex@yuriev.com> writes:
>> > > Sure, but this like all other attacks of this sort can be
>> > > tracked... and so the pain is over /quickly/ provided you can
>> > > track it quickly :) Also, sometimes null routes are ok.
>> >
>> > How quickly is quickly? Often times as has been my recent
>> > experience (part of my motivation for posting this thread) the
>> > flood is over before one can get a human being on the phone.
>>
>> Once the call arrives and the problem is deduced it can be tracked
>> in a matter of minutes, like 6-10 at the fastest...
alex> So if one wants to create a really nasty, largely untrackable
alex> problem, one just needs to mount a set of attacks that last 3-4
alex> minutes at a time?
Sure, that's one way to make it difficult.
alex> This is a very bad band-aid. The solution is amazingly simple -
Just to be clear, the solution to WHAT is amazingly simple?
alex> make it uneconomical to have unprotected networks,
For whom to have unprotected networks? What constitutes a protected
network? How does one make it uneconomical enough?
wondering,
Michael
|
