Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: WANTED: ISPs with DDoS defense solutions

  • From: Rob Thomas
  • Date: Tue Aug 05 23:35:56 2003

Hi, NANOGers.

] leaving the spoofing option open for future generations of attacks,
] rather than having a witch-hunt and tracking down and upgrading every
] insecure edge, is just about the worst thing we could do.

When I first looked at this problem back in March 2001, I did a
study of one often attacked web site.  The data showed that 66.85%
of all the source addresses hitting the site were *obvious* bogons,
e.g. RFC1918, unallocated prefixes, etc.  That is 66.85% of all
naughty packets that this site never should have received.  What
was the total percentage of spoofed source packets?  That was
anyone's guess.

You can see this in a presentation I did entitled "60 Days of Basic
Naughtiness":

   <http://www.cymru.com/Presentations/60Days.zip>

Since then things have changed in many ways, but the mitigation of
spoofing, be it bogon or otherwise, is an improvement.  It takes
another tool out of their toolbox.  We win this battle by degrees.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.