Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Christopher L. Morrow
  • Date: Tue Aug 05 15:05:40 2003



>
> On Tue, 5 Aug 2003, Christopher L. Morrow wrote:
>
> > > Spoofed packets are harder to trace to the source than non-spoofed
> > > packets. Knowing where a malicious packet is very important to the
> >
> > this is patently incorrect: www.secsup.org/Tracking/ has some information
> > you might want to review. Tracking spoofed attacks is infact EASIER than
> > non-spoofed attacks, especially if your network has a large 'edge'.
>
> Errr... you don't need to _track_ non-spoofed attacks - you _know_ where
> the source is.  Instead of going box to box back to the source (most
> likely across several providers) you can immediately go to _their_
> provider.

so long as you are sure they aren't spoofed, yes. The point I mis-made was
that tracking the spoofed attacks back to your edge is quicker since in
many cases the non-spoofed attacks come from 'everywhere' so blocking
traffic becomes a null route very quickly :( (unless the upstreams from
your edge device can absorb the load and the protocol/ports being flooded
are not critical to the business of the box being hammered.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.