![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Is there a line of defense against Distributed Reflective attacks?
From: Brad Laue <brad () brad-x com>
Date: Thu, 16 Jan 2003 23:20:13 -0500
Christopher L. Morrow wrote:
On Thu, 16 Jan 2003, hc wrote:Because syn cookies are available on routing gear??? Either way syn cookies are not going to keep the device from sending a 'syn-ack' to the 'originating host'.True.. At least it will have some stop in the amount of attacks. It is quite unfortunate that it is impossible to control the 'ingress' point of attack flow. Whenever there is a DoS attack, the only way to drop it is to null route it (the method you have devised) over BGP peering, but that knocks the victim host off the 'net... :-(Sure, but this like all other attacks of this sort can be tracked... and so the pain is over /quickly/ provided you can track it quickly :) Also, sometimes null routes are ok.
How quickly is quickly? Often times as has been my recent experience (part of my motivation for posting this thread) the flood is over before one can get a human being on the phone.
What kinds of mechanisms exist for keeping track of the origins of something of this nature?
-- // -- http://www.BRAD-X.com/ -- //
Current thread:
- Is there a line of defense against Distributed Reflective attacks? Brad Laue (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Rob Thomas (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Brad Laue (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? E.B. Dreger (Jan 18)
- Re: Is there a line of defense against Distributed Reflective attacks? Travis Pugh (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Valdis . Kletnieks (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Christopher L. Morrow (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? hc (Jan 16)
- Re: Is there a line of defense against Distributed Reflective attacks? Hank Nussbacher (Jan 16)