WANTED: ISPs with DDoS defense solutions

Rob Thomas robt at cymru.com
Thu Jul 31 00:40:01 UTC 2003


Hi, NANOGers.

Ooooo, you just knew I'd have to chime in eventually.  :)

] 1) The OS/software/default settings for a lot of internet connected
] machines are weak, making it easy to attack from multiple locations.

Yep, quite true.  Vulnerable hosts are a commodity, not a scarce
resource.  There are 728958 entries in my hacked device database
since 01 JAN 2003 that attest to this fact.

] 2) A lot of networks have no customer or egress filtering and make it a
] lot more difficult to trace DDoS traffic because it generally uses faked
] source addresses.

I've tracked 1787 DDoS attacks since 01 JAN 2003.  Of that number,
only 32 used spoofed sources.  I rarely see spoofed attacks now.
When a miscreant has 140415 bots (the largest botnet I've seen
this year), spoofing the source really isn't a requirement.  :|

Filtering the bogons does help, and everyone should perform
anti-spoofing in the appropriate places.  It isn't, however, a
silver bullet.

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);




