automatic rtbh trigger using flow data
Roland Dobbins
rdobbins at arbor.net
Sun Sep 2 03:09:32 UTC 2018
On 1 Sep 2018, at 1:43, Hugo Slabbert wrote:
> Generally on the TCP side you can try SYN or ACK floods, but you're
> not going to get an amplified reflection.
Actually, TCP reflection/amplification has been on the increase; the
attacker is guaranteed at least 4:1 amplification in most circumstances,
the number of reflectors/amplifiers is for all practical purposes
infinite, and they're mostly legitimate, non-broken
services/applications.
And as always, it's important to note that with all
reflection/amplification attacks, the root of the issue is the lack of
universal source-address validation (SAV). Without the ability to
spoof, there would be no reflection/amplification attacks.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the NANOG
mailing list