Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Jack Bates
  • Date: Fri Aug 01 07:13:24 2003

McBurnett, Jim wrote:
if *all* dsl and cablemodem plants firewalled inbound SYN packets and/or
only permitted inbound UDP in direct response to prior valid outbound UDP,
would rob really have seen a ~140Khost botnet this year?
In a sense, I would agree with you. The best method for what you describe is, of course, NAT. However, I can think of a lot of protocols that won't work with it properly. While a large portion of the userbase doesn't notice, vendors trying to put out products with these protocols do notice and their technologies are delayed as a result.

In addition, your logic will not stop bots installed via email. It doesn't have to be a worm. Enough end users will click the exe themselves despite the fact they have no clue what it is or who it's from. They are curious, so they open it. Each week, I have to explain to a user who's account I suspended that curiousity killed the cat. I Gigs of executables from email to help protect the majority of our user base, and yet they go to some webmail provider to get infected or just sit on irc or accept files across instant messenger. So much for network security. Now they have a bot sitting behind NAT with a source started irc uplink for commands. It's a good thing my network is multi-staged spoof protected both ways.


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.