FW: Re: Is there a line of defense against Distributed Reflective attacks?

Christopher L. Morrow chris at UU.NET
Sun Jan 19 06:08:20 UTC 2003



On Sat, 18 Jan 2003, Avleen Vig wrote:

> On Sat, 18 Jan 2003, Christopher L. Morrow wrote:
>
> > > Eliminating spoofed addresses from the backbone, even if it were possible
> > > to do 100%, would not eliminate denial of service attacks. The DDoS attacks
> >
> > This was precisely the point of Mr. Gill from AOL at the aforementioned
> > NANOG meeting, I believe his quote goes something like: "The ip address
> > used for the attack is orthogonal to the problem..." To me this makes
> > perfect sense... People really do get stuck on the red herring of
> > 'stopping all spoofing'. That isn't the problem, as you say below here it's
> > trivial to use owned hosts by the thousands to attack with unspoofed
> > addresses... Rob Thomas has some good data on attacks against IRC
> > servers and other hosts on the internet, his data last I recall was
> > something like 80% of attacks use spoofed addresses, though more and more
> > his tracked attacks are showing from non-spoofed hosts. He can certainly
> > jump in and correct me though :) I can speak authoritatively from the
> > network I work on's perspective on this issue, more and more we have seen
> > non-spoofed attacks. There are still plenty of spoofed attacks, but
> > frankly we prefer that as it's MUCH easier to track and stop.
>
> you could partly get around this by blocking all 'SYN' packets going to
> your customers :-)

and we are hoping none are hosting webservers or mail servers or....
right? Oh wait! I'll just make them use my datacenters, right?? or were
you not talking about the attacks?


> Unless/until the kiddies start using UDP... messy.
>
