Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Source address validation (was Re: UUNet Offer New Protection

  • From: Paul Vixie
  • Date: Sun Mar 07 02:33:47 2004

sean@donelan.com (Sean Donelan) writes:

> > Try saying that after running a major DDoS target, with "HIT ME" your
> > forehead.  No offense Sean but I'd like you to back your claim up with
> > some impirical data first.
> 
> Has the number of DDOS attacks increased or decreased in the last few
> years has uRPF has become more widely deployed?

the number of spoofed-source attacks is down only-slightly.

> Do you have any evidence the number of attacks are decreasing?

the overall number of attacks and their volume seems to be decreasing
ever-so-slightly, but the ferocity of the attacks that come through seems
to be increasing more-than-slightly.

and, when defending against one of these, every valid source address is
worth its figurative weight in gold, and constitutes a minor compromise
for the attacker, even if the host it helps to identify is disposable,
easily replaced, and difficult to repair.

[ of course, sean, i could just be making that part up.  but since i keep
saying it and since i get attacked pretty frequently, i might be telling
the truth.  it could be worth assuming a little credibility and seeing
where that leads you.  (but, we digress.) ]
-- 
Paul Vixie




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.