Is there a line of defense against Distributed Reflective attacks?

• Previous message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
>
>
>Because syn cookies are available on routing gear??? Either way syn
>cookies are not going to keep the device from sending a 'syn-ack' to the
>'originating host'.
>  
>
True.. At least it will have some stop in the amount of attacks.

It is quite unfortunate that it is impossible to control the 'ingress' 
point of attack flow. Whenever there is a DoS attack, the only way to 
drop it is to null route it (the method you have devised) over BGP 
peering, but that knocks the victim host off the 'net... :-(

-hc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030116/4a974023/attachment.html>

• Previous message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]