DDOS solution recommendation
morrowc.lists at gmail.com
Mon Jan 12 21:43:07 UTC 2015
On Mon, Jan 12, 2015 at 4:35 PM, Mike Hammett <nanog at ics-il.net> wrote:
> So the preferred alternative is to simply do nothing at all? That seems fair.
fairly certain I didn't say that, no.
I think that lots of smarter-than-me folk have already chimed in with options...
All I wanted to do with this was to note I didn't say 'do nothing'.
> ----- Original Message -----
> From: "Christopher Morrow" <morrowc.lists at gmail.com>
> To: "Brandon Ross" <bross at pobox.com>
> Cc: "Mike Hammett" <nanog at ics-il.net>, "NANOG list" <nanog at nanog.org>
> Sent: Monday, January 12, 2015 3:05:14 PM
> Subject: Re: DDOS solution recommendation
> On Mon, Jan 12, 2015 at 3:17 PM, Brandon Ross <bross at pobox.com> wrote:
>> On Sun, 11 Jan 2015, Mike Hammett wrote:
>>> I know that UDP can be spoofed, but it's not likely that the SSH, mail,
>>> etc. login attempts, web page hits, etc. would be spoofed as they'd have to
>>> know the response to be of any good.
>> Okay, so I'm curious. Are you saying that you do not automatically block
>> attackers until you can confirm a 3-way TCP handshake has been completed,
>> and therefore you aren't blocking sources that were spoofed? If so, how are
>> you protecting yourself against SYN attacks? If not, then you've made it
>> quite easy for attackers to deny any source they want.
> this all seems like a fabulous conversation we're watching, but really
> .. if someone wants to block large swaths of the intertubes on their
> systems it's totally up to them, right? They can choose to not be
> functional all they want, as near as I can tell... and arguing with
> someone with this mentality isn't productive, especially after several
> (10+? folk) have tried to show and tell some experience that would
> lead to more cautious approaches.
> If Mike wants fewer packets, that's all cool... I'm not sure it's
> actually solving anything, but sure, go right ahead, have fun.
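The distinction Brandon raises in the quoted text, between reacting to bare SYNs and reacting only to sources that have completed the three-way handshake, as an added Python example that is not part of the thread. The event list, the threshold and the addresses (RFC 5737 documentation ranges) are constructed for illustration:

```python
from collections import Counter

# Constructed sample events (not from the thread). Each tuple is
# (source address, event kind) as a host-based blocker might see them:
#   "syn"         - a SYN arrived; no handshake completed, origin unproven
#   "established" - 3-way handshake completed with this source
#   "auth_fail"   - a login attempt over an established connection failed
#   "auth_ok"     - a login succeeded
SAMPLE_EVENTS = [
    # A burst of bare SYNs claiming to come from 203.0.113.5. Nothing in
    # these packets proves they really originated there.
    *[("203.0.113.5", "syn") for _ in range(20)],
    # A host that completed the handshake and then failed SSH logins.
    *[("198.51.100.7", "established") for _ in range(6)],
    *[("198.51.100.7", "auth_fail") for _ in range(6)],
    # A legitimate user: handshake, one typo, then success.
    ("192.0.2.44", "established"),
    ("192.0.2.44", "auth_fail"),
    ("192.0.2.44", "auth_ok"),
]

THRESHOLD = 5  # hostile events per source before a block (constructed value)


def naive_blocklist(events, threshold=THRESHOLD):
    """Count every hostile-looking event, bare SYNs included, per source.

    This is the policy Brandon warns about: anyone who can forge a source
    address can get that address added to the blocklist.
    """
    hits = Counter()
    for src, kind in events:
        if kind in ("syn", "auth_fail"):
            hits[src] += 1
    return {src for src, n in hits.items() if n >= threshold}


def handshake_verified_blocklist(events, threshold=THRESHOLD):
    """Count failures only from sources that completed a 3-way handshake.

    A completed handshake means the peer saw our SYN-ACK, so the address
    is (within the limits of TCP) genuinely reachable at that source.
    """
    verified = set()
    hits = Counter()
    for src, kind in events:
        if kind == "established":
            verified.add(src)
        elif kind == "auth_fail" and src in verified:
            hits[src] += 1
    return {src for src, n in hits.items() if n >= threshold}


def unverified_syn_pressure(events):
    """Bare-SYN count per source that never completed a handshake.

    This is the input for SYN-flood handling (SYN cookies, connection-rate
    limiting), which is a separate control from reputation blocking:
    pre-handshake packets carry no proof of origin, so they should drive
    rate limits, not address blocks.
    """
    established = {src for src, kind in events if kind == "established"}
    syns = Counter(src for src, kind in events if kind == "syn")
    return {src: n for src, n in syns.items() if src not in established}


def collateral_blocks(events, threshold=THRESHOLD):
    """Sources the naive policy blocks that the verified policy does not."""
    return naive_blocklist(events, threshold) - handshake_verified_blocklist(
        events, threshold
    )


if __name__ == "__main__":
    print("naive   :", sorted(naive_blocklist(SAMPLE_EVENTS)))
    print("verified:", sorted(handshake_verified_blocklist(SAMPLE_EVENTS)))
    print("collateral:", sorted(collateral_blocks(SAMPLE_EVENTS)))
    print("syn pressure:", unverified_syn_pressure(SAMPLE_EVENTS))
```

With the constructed events, the naive policy blocks both 203.0.113.5 and 198.51.100.7, even though the only evidence against 203.0.113.5 is a pile of unauthenticated SYNs; the handshake-verified policy blocks only 198.51.100.7, the host that actually connected and failed to log in, and reports the SYN burst separately so it can feed a rate-based control rather than a blocklist.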