UDP port 80 DDoS attack

Keegan Holley keegan.holley at sungard.com
Mon Feb 6 01:37:34 UTC 2012

2012/2/5 Dobbins, Roland <rdobbins at arbor.net>

> On Feb 6, 2012, at 8:10 AM, Keegan Holley wrote:
> > An entire power point just to recommend ACL's, uRPF, CPP, DHCP snooping,
> and RTBH?
> Actually, no, that isn't the focus of the preso.
> > The first four will not work against a DDOS attack
> This is incorrect - suggest you read the preso.

The ACL's are configured on the routers belonging to the victim AS which
will not save their access pipe if it's overrun unless I'm missing
something.  uRPF may help with spoofed traffic, but sometimes causes
problems with multi-homing and is often more harmful than helpful depending
on the network design.

> > and the last one just kills the patient so he does not infect other
> patients.
> S/RTBH - as opposed to D/RTBH - doesn't kill the patient.  Again, suggest
> you read the preso.

Source RTBH often falls victim to rapidly changing or spoofed source IP"s.
It also isn't as widely supported as it should be. I never said DDOS was
hopeless, there just aren't a wealth of defenses against it.

More information about the NANOG mailing list