DDOS solution recommendation

Brandon Ross bross at pobox.com
Tue Jan 13 19:18:26 UTC 2015


Earlier in the thread you seemed extremely confident in your position that 
long term blocking of addresses that appeared as source addresses of 
undesirable traffic is a good thing.  Why are you now avoiding answering 
my question with a strawman?

On Mon, 12 Jan 2015, Mike Hammett wrote:

> So the preferred alternative is to simply do nothing at all? That seems fair.
>
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
>
>
> ----- Original Message -----
>
> From: "Christopher Morrow" <morrowc.lists at gmail.com>
> To: "Brandon Ross" <bross at pobox.com>
> Cc: "Mike Hammett" <nanog at ics-il.net>, "NANOG list" <nanog at nanog.org>
> Sent: Monday, January 12, 2015 3:05:14 PM
> Subject: Re: DDOS solution recommendation
>
> On Mon, Jan 12, 2015 at 3:17 PM, Brandon Ross <bross at pobox.com> wrote:
>> On Sun, 11 Jan 2015, Mike Hammett wrote:
>>
>>> I know that UDP can be spoofed, but it's not likely that the SSH, mail,
>>> etc. login attempts, web page hits, etc. would be spoofed as they'd have to
>>> know the response to be of any good.
>>
>>
>> Okay, so I'm curious. Are you saying that you do not automatically block
>> attackers until you can confirm a 3-way TCP handshake has been completed,
>> and therefore you aren't blocking sources that were spoofed? If so, how are
>> you protecting yourself against SYN attacks? If not, then you've made it
>> quite easy for attackers to deny any source they want.
>
> this all seems like a fabulous conversation we're watching, but really
> .. if someone wants to block large swaths of the intertubes on their
> systems it's totally up to them, right? They can choose to not be
> functional all they want, as near as I can tell... and arguing with
> someone with this mentality isn't productive, especially after several
> (10+? folk) have tried to show and tell some experience that would
> lead to more cautious approaches.
>
> If mike wants less packets, that's all cool... I'm not sure it's
> actually solving anything, but sure, go right ahead, have fun.
>
> -chris
>

-- 
Brandon Ross                                      Yahoo & AIM:  BrandonNRoss
+1-404-635-6667                                                ICQ:  2269442
                                                          Skype:  brandonross
Schedule a meeting:  http://www.doodle.com/bross
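
The point raised in the quoted question above (a block decision keyed on a source address that never completed a TCP handshake lets anyone get an arbitrary address blocked) as an added example that is not part of the original thread. The event format, addresses, threshold and expiry are constructed assumptions; the sketch also uses a short expiry rather than long-term blocking.

```python
from collections import defaultdict

# Constructed sample events (not from the thread): (timestamp_s, source_ip, event)
# "syn"         = bare SYN seen, source address unverified (may be spoofed)
# "established" = 3-way handshake completed, source address verified
# "auth_fail"   = failed login on a connection from that source
SAMPLE_EVENTS = [
    (0, "198.51.100.7", "syn"),
    (1, "198.51.100.7", "syn"),
    (2, "198.51.100.7", "syn"),
    (3, "203.0.113.9", "syn"),
    (3, "203.0.113.9", "established"),
    (4, "203.0.113.9", "auth_fail"),
    (5, "203.0.113.9", "established"),
    (6, "203.0.113.9", "auth_fail"),
    (7, "203.0.113.9", "established"),
    (8, "203.0.113.9", "auth_fail"),
]

def build_blocklist(events, threshold=3, block_seconds=600, require_handshake=True):
    """Return {source_ip: expiry_time} for sources that reach `threshold` strikes.

    With require_handshake=True, events from a source that has not completed a
    handshake are ignored, so spoofed SYNs cannot get a victim address blocked.
    With require_handshake=False, every event counts (the naive policy).
    """
    confirmed = set()            # sources proven reachable by a completed handshake
    strikes = defaultdict(int)
    blocked = {}
    for ts, src, kind in events:
        if kind == "established":
            confirmed.add(src)
            continue
        if require_handshake and src not in confirmed:
            continue             # unverified source: never count it toward a block
        strikes[src] += 1
        if strikes[src] >= threshold:
            blocked[src] = ts + block_seconds   # temporary block, refreshed on repeat
    return blocked

def active_blocks(blocked, now):
    """Sources whose block has not yet expired at time `now`."""
    return sorted(ip for ip, expiry in blocked.items() if expiry > now)
```

Under the handshake-gated policy the SYN-only source is never blocked, which is also why that policy does nothing about a SYN flood by itself.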


