UDP port 80 DDoS attack

Keegan Holley keegan.holley at sungard.com
Wed Feb 8 09:12:21 UTC 2012


It works in theory, but to get every ISP and hosting provider to ACL their
edges and maintain those ACLs for every customer no matter how large might
be a bit difficult.  Also, what about non-BGP customers or customers that
just accept a default route? Or even customers that just want return
traffic to come in a different link for some reason.  ISPs would suddenly
become giant traffic registries.

2012/2/8 George Bonser <gbonser at seven.com>

>
>
> >From: Keegan Holley
>
> >How do you stop it?
>
> A provider knows what destination IP traffic they route TO a customer,
> don't they?  That should be the only source IPs they accept FROM a customer.
>
>
> If you don't route it TO the customer, you shouldn't accept it FROM the
> customer unless you have made special arrangements with them and verified
> they are entitled to source the traffic from the desired IPs.
>
>
>
>
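
The filtering rule quoted above, and the multihomed case raised in the reply, can be modelled as follows. This is an added example, not code from either poster; the customer names, prefixes (RFC 5737 documentation ranges) and packet records are constructed, and `VERIFIED_EXTRA` is a hypothetical stand-in for the "special arrangements" list.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation prefixes, hypothetical customer names.
ROUTED_TO = {            # prefixes the provider routes TO each customer port
    "cust-a": ["192.0.2.0/24"],
    "cust-b": ["198.51.100.0/25"],   # multihomed; other half is routed via another link
}
VERIFIED_EXTRA = {       # "special arrangements": sources verified but not routed here
    "cust-b": ["198.51.100.128/25"],
}

def allowed_sources(customer, with_exceptions=True):
    """Networks a customer may use as source addresses on this port."""
    nets = list(ROUTED_TO.get(customer, []))
    if with_exceptions:
        nets += VERIFIED_EXTRA.get(customer, [])
    return [ipaddress.ip_network(n) for n in nets]

def accept(customer, src_ip, with_exceptions=True):
    """True if src_ip falls inside a prefix the customer is entitled to source from."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in allowed_sources(customer, with_exceptions))

def filter_packets(packets, with_exceptions=True):
    """Split (customer, src_ip) records into accepted and dropped lists."""
    accepted, dropped = [], []
    for customer, src in packets:
        (accepted if accept(customer, src, with_exceptions) else dropped).append((customer, src))
    return accepted, dropped

# Constructed packet records: (customer port, source IP seen on that port)
SAMPLE = [
    ("cust-a", "192.0.2.10"),       # routed to cust-a: accepted
    ("cust-a", "203.0.113.7"),      # not routed to cust-a: spoofed source, dropped
    ("cust-b", "198.51.100.5"),     # routed here: accepted
    ("cust-b", "198.51.100.200"),   # legitimate, but routed via the other link
    ("cust-c", "192.0.2.10"),       # unknown customer, no routes: dropped
]

if __name__ == "__main__":
    for strict in (False, True):
        ok, bad = filter_packets(SAMPLE, with_exceptions=not strict)
        print("strict" if strict else "with exceptions", "dropped:", bad)
```

Run without the exception list, the filter also drops cust-b's legitimate traffic from 198.51.100.200, which is the maintenance burden the reply describes.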


