Odd DDoS, anyone else seen this?
variable at ednet.co.uk
variable at ednet.co.uk
Mon Nov 25 14:03:14 UTC 2002
On Mon, 25 Nov 2002, Stephen J. Wilcox wrote:
> Glad to know its not just me..
DDoS is a problem for everyone, but only a few people seem to be trying to
do anything about it.
> FYI x.x.0.0 is a valid host address as is x.x.x.0 and it would be
> technically incorrect to block it assuming it to be a network address
> and therefore bogon.
Agreed, but did a we quick risk analysis and we thought blocking the DDoS
was the lesser of the two evils. Again, if anyone is actually using
x.x.0.0 addresses for hosts it would be useful to know.
> However this may be a way to do it if we see another attack, altho I
> would strongly recommend against filtering x.x.x.0 I would doubt that
> there are any valid x.x.0.0 host on the internet so could filter on
> that..
That's what I expected, but wanted to see what effect it would have on
legitimate traffic first. Again, it would be useful to know if anyone is
dropping hosts on to x.x.x.0 as well.
I know that these are both legitimate IP addresses, but if they are only
being used for DDoS then surely we should look at locking them down (in
the same way as broadcast packets have been)?
Rich
More information about the NANOG
mailing list