Is there a line of defense against Distributed Reflective attacks?

• Previous message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

] Because syn cookies are available on routing gear??? Either way syn
] cookies are not going to keep the device from sending a 'syn-ack' to the
] 'originating host'.

Agreed.  SYN cookies also won't drain a pipe full of malevolent packets.
Any response the target is able to send during a TCP amplification
attack is a bonus prize, but is not required for the attack to succeed.

-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);

• Previous message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]