DDOS prevention offensive.

Jason Slagle raistlin at tacorp.net
Thu Jul 12 17:19:26 UTC 2001


On Thu, 12 Jul 2001, Bill Larson wrote:

> 
> Well to sum it up in one sentence. If you eliminate the bogus addresses, you
> can then target the actual zombie machines used to attack the site and
> eventually eliminate the risk via patching or null route them. So filtering
> bogus addresses, non-routable addresses, and the addresses, which do not
> belong to your net blocks, would serve to combat the denial of service
> attacks.


I believe the attacks in question are actually non-spoofed.

It's getting the source networks to remove the boxes that is the
problem.  Most of them are .edu.

-- 
Jason Slagle - CCNP - CCDP
Network Administrator - Toledo Internet Access - Toledo Ohio
- raistlin at tacorp.net - jslagle at toledolink.com - WHOIS JS10172
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  .  Interim Team Lead - . Admin -
 X  - NO HTML/RTF in e-mail  .        Coders        .   wombat.dal.net
/ \ - NO Word docs in e-mail . Team Lead - Exploits . DALnet IRC Network






More information about the NANOG mailing list