WANTED: ISPs with DDoS defense solutions

Rob Thomas robt at cymru.com
Wed Aug 6 03:33:50 UTC 2003


Hi, NANOGers.

] leaving the spoofing option open for future generations of attacks,
] rather than having a witch-hunt and tracking down and upgrading every
] insecure edge, is just about the worst thing we could do.

When I first looked at this problem back in March 2001, I did a
study of one often attacked web site.  The data showed that 66.85%
of all the source addresses hitting the site were *obvious* bogons,
e.g. RFC1918, unallocated prefixes, etc.  That is 66.85% of all
naughty packets that this site never should have received.  What
was the total percentage of spoofed source packets?  That was
anyone's guess.

You can see this in a presentation I did entitled "60 Days of Basic
Naughtiness":

   <http://www.cymru.com/Presentations/60Days.zip>

Since then things have changed in many ways, but the mitigation of
spoofing, be it bogon or otherwise, is an improvement.  It takes
another tool out of their toolbox.  We win this battle by degrees.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);




More information about the NANOG mailing list