Is there a line of defense against Distributed Reflective attacks?

Valdis.Kletnieks at vt.edu
Fri Jan 17 05:23:52 UTC 2003


On Fri, 17 Jan 2003 00:03:56 EST, hc said:
> It will help of course, but really not The solution... Or is there one?

In this industry, anybody who advertises The Solution should automatically
be considered a snake oil salesman.  There's no One Great Answer, because
there's more than one question.  There's a LOT of things that would help:
 
Ingress filtering
Egress filtering
Clued incident response teams
Systems not shipped insecure by default.

etc etc etc.  You've heard them all, I've said them all, they all address
parts of the problem.  Nothing addresses all of it.

Ingress/egress filtering would help in some cases of a DDoS packet flood.

Ingress/egress filtering doesn't do squat when Nimda is on a burn.
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech


More information about the NANOG mailing list