TCP-AMP DDoS Attack - Fake abuse reports problem

Tom Beecher beecher at beecher.cc
Fri Feb 21 16:20:36 UTC 2020


It is spoofing, but it is also absolutely amplification. Look at the preso
that Damien linked :
https://www.usenix.org/conference/woot14/workshop-program/presentation/kuhrer

Hope that this doesn't become one of the 'services' that you provide! :)

On Thu, Feb 20, 2020 at 6:40 PM Jean | ddostest.me via NANOG <
nanog at nanog.org> wrote:

> It doesn't sound to be a real amplification.. If it is, can anyone provide
> the amplification factor? 1x?
>
> It sounds more like a TCP spoofing.
>
> Jean
> On 2020-02-20 18:22, Töma Gavrichenkov wrote:
>
> Peace,
>
> On Fri, Feb 21, 2020, 1:57 AM Filip Hruska <fhr at fhrnet.eu> wrote:
>
>> [..] OVH has been offering DDOS protection capable of soaking up hundreds
>> of gigabits+ per second as a standard with all their services for a long
>> time
>>
> They only do it for common trivial vectors like UDP-based amplification —
> and other types easily handleable through flowspec.
>
> Which is honestly not their fault because they try to keep their costs
> down.  (Other means to keep the costs down may be of concern of Ronald G.
> though, but that's a different story.)
>
> However, TCP amplification is not of that sort.
>
> --
> Töma
>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200221/4f572167/attachment.html>


More information about the NANOG mailing list