nanog mailing list archives
Re: DDOS prevention offensive.
From: "Bill Larson" <blarson () compu net>
Date: Thu, 12 Jul 2001 12:14:47 -0500
Well to sum it up in one sentence. If you eliminate the bogus addresses, you can then target the actual zombie machines used to attack the site and eventually eliminate the risk via patching or null route them. So filtering bogus addresses, non-routable addresses, and the addresses, which do not belong to your net blocks, would serve to combat the denial of service attacks. Bill Larson Network Administrator, Compu-Net Enterprises Local: (931) 920-0043 Toll free: (877) 920-1429 ----- Original Message ----- From: "Rob Thomas" <robt () cymru com> To: <nanog () merit edu> Sent: Thursday, July 12, 2001 12:03 PM Subject: Re: DDOS prevention offensive.
] Discuss the effect that wide spread filtering against spoofed ] addresses would have on the current number of DDOS attacks. I performed a statistical analysis of a collection of log files from one oft-targeted site. The data therein revealed that 68% of all the naughty packets contained obviously bogon source addresses (e.g. 127/8). I wouldn't extrapolate this analysis to fit all sites. I see more than enough DoS attacks were the source is not spoofed. I do think such filtering would go a long way towards mitigating DDoS attacks. -- Rob Thomas http://www.cymru.com/~robt cmn_err(CE_PANIC, "Out of coffee...");
Current thread:
- DDOS prevention offensive. Joseph T. Klein (Jul 12)
- Re: DDOS prevention offensive. Rob Thomas (Jul 12)
- Re: DDOS prevention offensive. Bill Larson (Jul 12)
- Re: DDOS prevention offensive. Jason Slagle (Jul 12)
- Re: DDOS prevention offensive. Christopher L. Morrow (Jul 12)
- Re: DDOS prevention offensive. Bill Larson (Jul 12)
- Re: DDOS prevention offensive. Bill Larson (Jul 12)
- <Possible follow-ups>
- RE: DDOS prevention offensive. Roeland Meyer (Jul 12)
- Re: DDOS prevention offensive. John McNeal (Jul 12)
- Re: DDOS prevention offensive. Rob Thomas (Jul 12)