WANTED: ISPs with DDoS defense solutions

Petri Helenius pete at he.iki.fi
Thu Jul 31 13:23:50 UTC 2003



I would say that because backdoored hosts are easily available in large
quantities, spoofing does not make sense and usually alarms various systems
more quickly than packets from legitimate addresses.

Pete

----- Original Message ----- 
From: <variable at ednet.co.uk>
To: "Rob Thomas" <robt at cymru.com>
Cc: "NANOG" <nanog at merit.edu>
Sent: Thursday, July 31, 2003 4:17 PM
Subject: Re: WANTED: ISPs with DDoS defense solutions


> 
> On Wed, 30 Jul 2003, Rob Thomas wrote:
> 
> > I've tracked 1787 DDoS attacks since 01 JAN 2003.  Of that number,
> > only 32 used spoofed sources.  I rarely see spoofed attacks now.
> 
> Do you have any ideas as to why that is?  Is it due to more providers 
> doing source filtering?  It wouldn't make sense for attackers to become 
> less sophisticated unless they became more difficult to catch for other 
> reasons (e.g. botnets getting bigger).
> 
> Rich
> 
> 



More information about the NANOG mailing list