Is there a line of defense against Distributed Reflective attacks?
hc
haesu at towardex.com
Fri Jan 17 04:57:06 UTC 2003
>
>Normally that's not very productive as they are mostly owned boxes that
>will be rebuilt and reowned in days :(
>
I agree, keeping track of the attacks would not be very useful nor
helpful. I bet if more ISP's would implement egress filtering on their
border routers, it'd help quite a bit. Of course, egress filters don't
solve the issue. But considering most script kiddies' intelligence level
is limited, it will help at least a bit. :-) The problem with egress
filtering is that it's mostly applicable at the end tier2+ level, not at
the backbones, which means a lot of ISP's who are oblivious on what it
is (or some cases where egress filter breaks their network setup).
-hc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030116/41b3714d/attachment.html>
More information about the NANOG
mailing list