I don't need no stinking firewall!

Jared Mauch jared at puck.nether.net
Wed Jan 6 13:42:37 UTC 2010

On Jan 6, 2010, at 3:12 AM, Dobbins, Roland wrote:

> Wrong.  The attacker just programmatically generates semantically-valid traffic which is indistinguishable from real traffic, and crowds out the real traffic.
> All those fancy timers and counters and what-not don't matter.
> I've seen it done over and over again.  Why some folks seem to think this is theoretical or that I somehow haven't thought of something they think will prove to be a magic solution is really beyond me, heh.

The reality is they just have not been attacked yet, and hence have no experience in what to do about the problem...

- Jared

More information about the NANOG mailing list